docx
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The script ooxml/scripts/pack.py uses subprocess.run to invoke the soffice (LibreOffice) command to validate documents. While this is tied to the primary purpose of the skill, executing external system binaries introduces risks associated with the security of the host environment and the external tool.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): In ooxml/scripts/unpack.py, the use of zipfile.ZipFile.extractall() without path validation makes the skill vulnerable to 'Zip Slip' attacks. A crafted Office file containing directory traversal characters (e.g., ../../) could potentially overwrite files outside the intended output directory.
- Indirect Prompt Injection (LOW): The skill processes untrusted external data in the form of Office documents.
  - Ingestion points: ooxml/scripts/unpack.py extracts XML and relationship data from user-provided Office files.
  - Boundary markers: Absent. There are no markers or safety instructions to prevent the agent from being influenced by malicious content inside the documents.
  - Capability inventory: The skill can write to the file system and execute subprocesses (via pack.py).
  - Sanitization: The skill uses defusedxml to mitigate XXE vulnerabilities, but it does not sanitize the textual content of the extracted documents.
Audit Metadata