skills/jst-well-dan/skill-box/docx/Gen Agent Trust Hub

docx

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Data Exposure & Exfiltration (HIGH): Vulnerable XML parsing in ooxml/scripts/validation/docx.py. Evidence: The script uses lxml.etree.parse() on XML files extracted from untrusted documents without disabling external entity resolution, making it vulnerable to XML External Entity (XXE) attacks.
  • Unverifiable Dependencies & Remote Code Execution (HIGH): Zip Slip (Path Traversal) vulnerability in ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py. Evidence: Both scripts use zipfile.ZipFile.extractall() on untrusted input files without validating extraction paths, which allows a malicious archive to overwrite arbitrary files on the system.
  • Indirect Prompt Injection (LOW): The skill processes untrusted OOXML data.
      1. Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py.
      2. Boundary markers: Absent.
      3. Capability inventory: File system write access (via Zip extraction) and external command execution (soffice in pack.py).
      4. Sanitization: Inconsistent usage of defusedxml and missing validation of ZIP entry paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:16 PM