pptx
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes external system commands for document conversion and validation. * Evidence: ooxml/scripts/pack.py (line 101) uses subprocess.run to call soffice (LibreOffice).
- EXTERNAL_DOWNLOADS (LOW): The skill depends on the external utility soffice which must be present in the execution environment.
- Indirect Prompt Injection (LOW): The skill processes untrusted Office documents that may contain instructions intended to influence agent behavior. * Ingestion points: ooxml/scripts/unpack.py (line 15) and ooxml/scripts/validation/docx.py (line 171) extract contents from user-provided ZIP/Office files. * Boundary markers: Absent. There are no explicit delimiters or instructions for the agent to ignore instructions embedded in the XML content. * Capability inventory: Includes subprocess execution of soffice and file system writes. * Sanitization: XML parsing is secured with defusedxml, and XML comments are removed during packing, but input files are extracted using standard zipfile methods without prior validation.
Audit Metadata