PowerPoint Suite
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The scripts ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py use zipfile.extractall() to extract contents from Office documents without path validation. This Zip Slip vulnerability allows a malicious archive to overwrite files outside the target directory (e.g., using ../../), potentially leading to system compromise.
- Data Exposure & Exfiltration (MEDIUM): ooxml/scripts/validation/docx.py utilizes lxml.etree.parse() to process XML content. The lack of explicit configuration to disable DTDs and external entities makes the skill vulnerable to XXE attacks, which can be used to disclose local files.
- Indirect Prompt Injection (LOW): The skill lacks sanitization for the content of processed documents. Mandatory Evidence:
  1. Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validate.py.
  2. Boundary markers: Absent.
  3. Capability inventory: subprocess.run (in pack.py) and file system writes (in unpack.py and rearrange.py).
  4. Sanitization: None.
- Dynamic Execution (MEDIUM): In ooxml/scripts/unpack.py and ooxml/scripts/pack.py, xml.dom.minidom is used for parsing. This parser is vulnerable to XML entity expansion (e.g., 'Billion Laughs'), which can cause denial of service through memory exhaustion.
Recommendations
- AI detected serious security threats
Audit Metadata