docx
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains mandatory instructions for the agent to "NEVER set any range limits" when reading documentation files, a technique that can be used to bypass safety filters or force the agent to consume large instruction sets containing malicious payloads.
- [COMMAND_EXECUTION]: The scripts ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py use zipfile.ZipFile.extractall() without validating archive member paths. This creates a Zip Slip vulnerability, allowing a malicious document to overwrite arbitrary files on the system.
- [COMMAND_EXECUTION]: The skill's setup documentation instructs the agent to use sudo apt-get install to install system dependencies like pandoc, libreoffice, and poppler-utils, which presents a significant privilege escalation risk.
- [COMMAND_EXECUTION]: Validation modules in the ooxml/scripts/validation/ directory use the lxml library for parsing XML files without explicitly disabling entity resolution, potentially exposing the system to XML External Entity (XXE) attacks.
- [EXTERNAL_DOWNLOADS]: The skill documentation requires the global installation of the docx library via NPM and several system packages.
Recommendations
- AI detected serious security threats