docx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The file 'ooxml/scripts/pack.py' uses 'subprocess.run' to execute 'soffice' for document validation. While intended for headless conversion, calling external binaries with document paths introduces risk.- Path Traversal / ZipSlip (MEDIUM): The file 'ooxml/scripts/unpack.py' uses 'zipfile.ZipFile.extractall()' on input Office files without validating that the archive members do not contain path traversal characters (e.g., '../../'). This allow a malicious document to overwrite files outside the target directory.- Indirect Prompt Injection (LOW): This skill provides a surface for indirect injection via malicious Office documents.
- Ingestion points: 'ooxml/scripts/unpack.py' (extracts user-provided files).
- Boundary markers: Absent.
- Capability inventory: Subprocess execution in 'ooxml/scripts/pack.py' and file system writes in 'ooxml/scripts/unpack.py'.
- Sanitization: The skill uses 'defusedxml' for some XML parsing but lacks sanitization for zip member paths and uses standard 'lxml' in 'ooxml/scripts/validation/docx.py'.- XML External Entity (XXE) Risk (LOW): In 'ooxml/scripts/validation/docx.py', 'lxml.etree.parse()' is used to process XML components. Unlike 'defusedxml' used elsewhere, 'lxml' is not inherently hardened against XXE unless explicitly configured, which could lead to local file disclosure if malicious XML is processed.
Audit Metadata