doc
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): Vulnerable XML parsing of untrusted DOCX content.
  * Evidence: `scripts/render_docx.py` uses `xml.etree.ElementTree.fromstring(xml)` in the `calc_dpi_via_ooxml_docx` function.
  * Risk: The standard `ElementTree` library does not prevent external entity expansion. A crafted DOCX file (which is a ZIP container of XML files) can include malicious entities to read local files (e.g., `/etc/passwd`) or probe internal network services.
- [COMMAND_EXECUTION] (MEDIUM): Subprocess execution of system binaries with untrusted input paths.
  * Evidence: `scripts/render_docx.py` invokes `soffice` (LibreOffice) and `pdftoppm` using `subprocess.run`.
  * Risk: While the script uses a list for arguments, processing complex, potentially malformed document formats with a headless office suite exposes a significant attack surface for exploitation of the underlying binaries.
- [REMOTE_CODE_EXECUTION] (HIGH): Indirect Prompt Injection surface.
  * Ingestion points: Untrusted DOCX files are ingested via `input_path` in `scripts/render_docx.py`.
  * Boundary markers: None; the script immediately parses and processes the file content.
  * Capability inventory: Includes `subprocess.run` (LibreOffice execution), `ZipFile` operations, and file writing to `output/` and `tmp/`.
  * Sanitization: Missing; there is no validation of the XML structure or document integrity prior to processing with high-privilege tools.
Recommendations
- AI detected serious security threats
Audit Metadata