skills/hanli0705/lead_agent/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [Command Execution] (LOW): The script ooxml/scripts/pack.py invokes the soffice binary through subprocess.run to perform document validation.
  • [Data Exposure & Exfiltration] (MEDIUM): In ooxml/scripts/validation/docx.py, lxml.etree.parse() is used on XML files from untrusted Office documents without disabling external entities, creating an XXE vulnerability that could lead to local file disclosure.
  • [Indirect Prompt Injection] (MEDIUM): The skill ingests untrusted data from Office files (Ingestion points: unpack.py, validate.py) and lacks boundary markers. While it uses defusedxml for some tasks, the use of lxml represents a failure in sanitization before interacting with system capabilities (Capability: soffice subprocess).
  • [Unverifiable Dependencies] (LOW): Dependencies include lxml and defusedxml. The specific use of lxml for parsing untrusted document content is a security concern.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 08:49 AM