pptx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The script `ooxml/scripts/unpack.py` uses `zipfile.ZipFile.extractall()` on user-provided documents without path validation. This implementation is vulnerable to 'Zip Slip', allowing a malicious document with path traversal characters to overwrite arbitrary files on the system.
- Dynamic Execution (MEDIUM): The `ooxml/scripts/pack.py` script executes the `soffice` (LibreOffice) binary via `subprocess.run` to validate documents. Processing untrusted documents with a complex application like LibreOffice increases the attack surface for the host environment.
- Indirect Prompt Injection (LOW): The skill processes untrusted XML content from Office documents. While some components use `defusedxml`, `ooxml/scripts/validation/docx.py` uses `lxml.etree.parse()` which is not explicitly hardened against XML External Entity (XXE) attacks. (Evidence: 1. Ingestion points: `ooxml/scripts/unpack.py` and `ooxml/scripts/validation/docx.py`. 2. Boundary markers: None. 3. Capability inventory: `subprocess.run` in `pack.py`, `zipfile.ZipFile.write` in `pack.py`, `shutil.copy2` in `rearrange.py`. 4. Sanitization: Partial use of `defusedxml`.)
Recommendations
- AI detected serious security threats