pptx
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
- [Command Execution] (HIGH): The `ooxml/scripts/unpack.py` script uses `zipfile.ZipFile.extractall()` without path validation. This is a Zip Slip vulnerability that allows a malicious Office document to overwrite arbitrary files on the system via path traversal (e.g., using '..' in filenames).
- [Data Exfiltration] (MEDIUM): The `ooxml/scripts/validation/docx.py` module uses `lxml.etree.parse()` with default settings, which is susceptible to XML External Entity (XXE) attacks. This could allow an attacker to read local files or perform SSRF if the agent processes a specially crafted document.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external document data which could contain malicious instructions designed to influence the agent's behavior. Evidence:
  1. Ingestion points: `ooxml/scripts/unpack.py` and various validation scripts processing .docx/.pptx files
  2. Boundary markers: None observed
  3. Capability inventory: File reading/writing via zip extraction and subprocess execution of `soffice`
  4. Sanitization: Inconsistent use of `defusedxml` (used in packing but not in docx validation)
Recommendations
- AI detected serious security threats