pptx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (HIGH): Zip Slip vulnerability in ooxml/scripts/unpack.py. The script uses zipfile.ZipFile.extractall() on user-provided documents without path validation, allowing an attacker to write files to arbitrary locations via path traversal.
  - Evidence: ooxml/scripts/unpack.py line 17
- REMOTE_CODE_EXECUTION (HIGH): Indirect Prompt Injection surface. The skill ingests untrusted OOXML data and possesses write/execute capabilities. A malicious document could exploit the Zip Slip vulnerability to overwrite skill scripts or system files to achieve code execution.
  - Ingestion points: ooxml/scripts/unpack.py extracts external ZIP/OOXML content.
  - Boundary markers: Absent.
  - Capability inventory: File writes (extractall), XML manipulation, and subprocess execution (soffice).
  - Sanitization: Absent for ZIP paths; inconsistent for XML (uses lxml instead of defusedxml in docx.py).
- DATA_EXFILTRATION (MEDIUM): XXE (XML External Entity) vulnerability in ooxml/scripts/validation/docx.py. The use of lxml.etree.parse() without disabling entity resolution allows an attacker to read local files or trigger SSRF requests via malicious XML.
  - Evidence: ooxml/scripts/validation/docx.py lines 92, 127
- COMMAND_EXECUTION (LOW): Subprocess call to soffice in ooxml/scripts/pack.py. While the call structure is generally safe, it introduces a dependency on the security and behavior of an external office suite when processing untrusted files.
  - Evidence: ooxml/scripts/pack.py line 106
Recommendations
- AI detected serious security threats
Audit Metadata