docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): Unsafe archive extraction. In ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py, the use of zipfile.ZipFile.extractall() on user-provided Office documents is vulnerable to Zip Slip attacks. Maliciously crafted documents containing relative path sequences can overwrite files outside the intended extraction directory.
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability. The skill ingests and processes external OOXML documents without sanitization or boundary markers. Malicious instructions embedded in document XML structures or body text could influence the behavior of an agent using this skill to analyze or modify the content.
  • [COMMAND_EXECUTION] (MEDIUM): Execution of external binaries on untrusted input. The pack.py script uses subprocess.run to execute soffice (LibreOffice) for validation. Processing untrusted office files with complex suites like LibreOffice increases the attack surface due to historical vulnerabilities in file parsers.
  • [DATA_EXFILTRATION] (MEDIUM): Potential XML External Entity (XXE) vulnerability. The docx.py script uses lxml.etree.parse() without disabling external entity resolution, which could allow an attacker to read local files or probe internal network resources via a crafted XML file.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:27 AM