skills/eoash/ash-skills/hwpx/Gen Agent Trust Hub

hwpx

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill is vulnerable to Path Traversal (ZipSlip) and XML External Entity (XXE) attacks when handling untrusted documents.
      • Path Traversal: In scripts/office/unpack.py, the script extracts ZIP entries using their internal filenames without validation (output / entry), which could allow an attacker to write or overwrite files outside the intended directory.
      • XXE: Multiple scripts, including analyze_template.py and build_hwpx.py, parse XML using lxml without disabling entity resolution, potentially allowing unauthorized access to local files via malicious document structure.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by extracting and processing untrusted content from HWPX documents.
      • Ingestion points: scripts/text_extract.py and scripts/analyze_template.py return document text directly to the agent.
      • Boundary markers: Absent.
      • Sanitization: No content filtering is applied.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 03:24 PM