pptx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Zip Slip / Directory Traversal vulnerability in ooxml/scripts/unpack.py.
  - Evidence: The line zipfile.ZipFile(input_file).extractall(output_path) extracts the contents of an Office document without validating the internal file paths. Malicious ZIP entries containing directory traversal sequences (e.g., ../../) can overwrite sensitive files outside the intended destination directory.
  - Category 8 (Indirect Prompt Injection) Evidence Chain:
    - Ingestion points: ooxml/scripts/unpack.py accepts untrusted Office documents as input.
    - Boundary markers: Absent; the skill does not use delimiters or warnings to isolate untrusted content.
    - Capability inventory: The skill possesses file-writing capabilities via extractall() and Presentation.save().
    - Sanitization: Absent; member names in the ZIP archive are not validated for safety before extraction.
- [COMMAND_EXECUTION] (LOW): Subprocess execution of soffice.
  - Evidence: In ooxml/scripts/pack.py, the skill executes soffice (LibreOffice) for document validation. While it uses the safer list-based subprocess.run method, it relies on an external binary and processes untrusted files through it.
- [INFO]: Protection against XML External Entity (XXE) attacks.
  - Evidence: The skill correctly utilizes defusedxml.minidom for XML parsing in both pack.py and unpack.py, demonstrating a good baseline for secure data handling.
Recommendations
- AI detected serious security threats
Audit Metadata