docx
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The pack.py script invokes the soffice (LibreOffice) command-line utility via subprocess.run. Although it passes the arguments as a list, which keeps shell metacharacters in a path from being interpreted, executing a complex document processor on untrusted file paths is a significant capability surface.
- PROMPT_INJECTION (HIGH): The skill possesses a high-risk attack surface for indirect prompt injection (Category 8).
  1. Ingestion points: ooxml/scripts/unpack.py extracts content from external, untrusted OOXML (ZIP) documents.
  2. Boundary markers: No delimiters or ignore-instructions are present to prevent the agent from being influenced by data found within the documents.
  3. Capability inventory: The skill has file-write permissions (pack.py, unpack.py) and command-execution capabilities (pack.py).
  4. Sanitization: While the developer used defusedxml in several scripts to mitigate XML attacks, ooxml/scripts/validation/docx.py uses lxml.etree.parse without explicit safeguards against XML External Entities (XXE). Furthermore, the use of zipfile.extractall() on untrusted archives in unpack.py presents a directory traversal risk.
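Added example (not part of this audit and not the docx skill's own code): a stdlib-only hardening of the two concrete sanitization gaps named in item 4, written to show what a fix in unpack.py and validation/docx.py would need to do. The archive check rejects any entry that is absolute, uses backslashes or a drive letter, contains a '..' component, or is a symlink, and it checks every entry before writing anything, so a hostile archive is refused as a whole rather than partially extracted. The XML check uses the expat parser from the standard library and refuses any DOCTYPE, which is the same policy as defusedxml's forbid_dtd; because entities can only be declared inside a DTD, this closes both external-entity (XXE) and entity-expansion attacks, and OOXML parts never legitimately carry a DTD. The function names, the constructed sample archive and the sample XXE payload are assumptions for illustration. One caveat a reviewer should know: CPython's own zipfile.extract() already strips leading slashes and '..' components when writing members, so on current Python the plain traversal case is mitigated by the library itself; the explicit pre-check below still earns its place because it fails closed and reports the hostile entry instead of silently renaming it.

```python
"""Stdlib-only hardening for OOXML unpacking: ZIP path checks plus a DTD-free
XML gate. Added example with constructed inputs; not the docx skill's code."""
import os
import posixpath
import tempfile
import xml.parsers.expat
import zipfile
from io import BytesIO


class UnsafeArchiveMember(ValueError):
    """A ZIP entry that could land outside the extraction directory."""


class UnsafeXml(ValueError):
    """An XML part that carries a DTD (the only place entities can be declared)."""


def is_safe_member(name: str) -> bool:
    """Accept only relative, forward-slash paths with no '..' component."""
    if not name or "\\" in name or name.startswith("/"):
        return False
    if len(name) > 1 and name[1] == ":":       # Windows drive letter, e.g. C:
        return False
    return ".." not in posixpath.normpath(name).split("/")


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    """Unix mode bits live in the high 16 bits of external_attr; 0o120000 is S_IFLNK."""
    return (info.external_attr >> 16) & 0o170000 == 0o120000


def safe_extractall(zip_bytes: bytes, dest: str) -> list:
    """Validate every entry first, then extract; nothing is written if any entry is hostile."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename) or is_symlink_entry(info):
                raise UnsafeArchiveMember(info.filename)
            # Second, independent check: the resolved target must stay under dest.
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise UnsafeArchiveMember(info.filename)
        zf.extractall(dest_real)
        return zf.namelist()


def xml_is_dtd_free(data: bytes) -> bool:
    """Parse with expat and refuse any DOCTYPE, like defusedxml's forbid_dtd=True.
    Entities (internal or external) can only be declared in a DTD, so refusing
    the DOCTYPE up front blocks XXE and billion-laughs style expansion alike."""
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(*_args):
        raise UnsafeXml("DOCTYPE declaration is not allowed in OOXML parts")

    parser.StartDoctypeDeclHandler = forbid_doctype
    try:
        parser.Parse(data, True)          # raises ExpatError on malformed input
    except UnsafeXml:
        return False
    return True


def demo() -> dict:
    """Constructed .docx-like archive with one traversal entry (hypothetical attack input)."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        zf.writestr("word/document.xml", '<?xml version="1.0"?><w:document xmlns:w="urn:x"/>')
        zf.writestr("../evil.txt", "escaped the extraction directory")   # hostile entry
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extractall(buf.getvalue(), dest)
            rejected = None
        except UnsafeArchiveMember as exc:
            rejected = str(exc)
        written = sorted(os.listdir(dest))    # expected empty: refused before writing
    # Constructed XXE payload of the classic shape; never fetched, the DOCTYPE is refused.
    xxe = b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><r>&xxe;</r>'
    return {"rejected": rejected, "written": written,
            "clean_xml_ok": xml_is_dtd_free(b'<?xml version="1.0"?><r>text</r>'),
            "xxe_rejected": not xml_is_dtd_free(xxe)}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the result of demo(): the traversal entry is reported by name, the extraction directory stays empty, the clean part parses, and the XXE part is refused before any entity is resolved. In the skill, safe_extractall would replace the bare zipfile.extractall() call in unpack.py, and xml_is_dtd_free (or defusedxml, which the other scripts already use) would gate the bytes handed to lxml.etree.parse in validation/docx.py.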
Recommendations
- AI detected serious security threats
Audit Metadata