pptx
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The file `ooxml/scripts/pack.py` contains a `validate_document` function that uses `subprocess.run` to execute the `soffice` (LibreOffice) command. While this is used for validating the integrity of generated Office files, spawning subprocesses to handle untrusted data paths represents a potential security risk if the environment is not properly isolated.
- EXTERNAL_DOWNLOADS (LOW): The skill depends on several external Python libraries including `lxml`, `defusedxml`, `python-pptx`, and `six`. While these are standard packages, they must be verified in the target environment.
- SAFE (SAFE): The implementation demonstrates security awareness by using `defusedxml.minidom` in `ooxml/scripts/pack.py` and `ooxml/scripts/unpack.py` instead of the standard `xml.dom.minidom`, which effectively mitigates XML External Entity (XXE) vulnerabilities.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted Office documents which can serve as a vector for indirect prompt injection if the agent interprets text content from these files as instructions.
  - Ingestion points: `ooxml/scripts/unpack.py` (unpacks arbitrary ZIP/Office files) and `scripts/rearrange.py` (reads PPTX templates).
  - Boundary markers: Absent. The scripts do not implement specific delimiters or warnings for the agent when processing document text.
  - Capability inventory: File system write access (`zipfile.write`), subprocess execution (`soffice` conversion).
  - Sanitization: The skill uses `defusedxml` to sanitize the XML structure against parser-level attacks, but it does not sanitize the natural language content for embedded instructions.
Audit Metadata