zip-handler
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The extraction tool in
scripts/unpack.pyis vulnerable to path traversal (Zip Slip) attacks because it does not sanitize file paths within the archive before extraction. - Ingestion points: The
scripts/unpack.pyscript processes zip files from paths provided in thezip_pathargument. - Boundary markers: None; the instructions do not specify any validation or boundary markers for untrusted archives.
- Capability inventory: The script has file system write access through the
zipfile.extractall()method. - Sanitization: Absent; the script fails to validate that the paths of extracted members are within the target destination directory, potentially allowing a malicious archive to overwrite sensitive files outside the extraction folder.
Audit Metadata