pptx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The scripts
ooxml/scripts/unpack.pyandooxml/scripts/validation/docx.pyutilizezipfile.ZipFile.extractall()without path validation. This creates a potential Path Traversal (ZipSlip) vulnerability where a maliciously crafted Office document could attempt to overwrite files outside the target directory.\n- COMMAND_EXECUTION (LOW): The scriptooxml/scripts/pack.pyexecutes thesoffice(LibreOffice) command to validate document integrity. While it uses the safer list-based argument passing (avoiding shell injection), it introduces a dependency on a complex external binary that must be present in the environment.\n- Indirect Prompt Injection (LOW): The skill processes untrusted user-provided OOXML files, which serve as ingestion points for external data that could contain instructions designed to influence the agent.\n - Ingestion points: Document files processed in
unpack.pyandvalidate.py.\n - Boundary markers: None identified; the skill processes raw XML content.\n
- Capability inventory: Includes file system read/write and subprocess execution (
soffice).\n - Sanitization: Uses
defusedxmlto mitigate XXE, but does not sanitize document content against embedded logical instructions.
Audit Metadata