Skills
skills/krafton-ai/kira/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script ooxml/scripts/pack.py executes the system command soffice (LibreOffice) to validate documents. Evidence: subprocess.run(['soffice', '--headless', ...]) in validate_document function. Risk: If an attacker can control the file path or content, they might exploit vulnerabilities in LibreOffice, although command injection via shell is mitigated by using argument lists.
  • [DATA_EXFILTRATION] (MEDIUM): The skill is vulnerable to XML External Entity (XXE) attacks because it uses lxml.etree.parse without disabling entity resolution when validating Word documents. Evidence: lxml.etree.parse(str(xml_file)) in ooxml/scripts/validation/docx.py. Risk: A malicious XML file within a .docx package could be used to read local files or perform server-side request forgery (SSRF).
  • [COMMAND_EXECUTION] (MEDIUM): The unpacking logic uses zipfile.extractall() without path validation or filters, making it susceptible to Zip Slip (path traversal) attacks. Evidence: zipfile.ZipFile(input_file).extractall(output_path) in ooxml/scripts/unpack.py. Risk: A malicious ZIP file with '../' in its filenames could overwrite sensitive files outside the intended directory.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 06:07 AM