pptx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The scripts `ooxml/scripts/unpack.py` and `ooxml/scripts/validation/docx.py` use `zipfile.ZipFile.extractall()` to unpack Office documents. This method is vulnerable to Zip Slip (path traversal via archive members) if the input file is maliciously crafted with relative path sequences like `..`, potentially allowing an attacker to write files outside the intended directory.
- COMMAND_EXECUTION (LOW): The `ooxml/scripts/pack.py` script uses `subprocess.run` to call the `soffice` binary (LibreOffice) for document validation. While it uses a list for arguments, which mitigates shell injection, it introduces a dependency on an external system tool.
- DATA_EXFILTRATION (SAFE): No evidence of unauthorized network activity or hardcoded credentials was found. The skill operates locally on provided files.
- PROMPT_INJECTION (SAFE): No logic was found that would allow for direct manipulation of the agent's system prompt or behavior via the script inputs.
- INDIRECT_PROMPT_INJECTION (LOW): As the skill is designed to process external documents, it is inherently susceptible to indirect prompt injection if the processed content is later consumed by the AI agent without proper sanitization.
  - Ingestion points: `ooxml/scripts/unpack.py` (line 14) and `ooxml/scripts/validation/docx.py` (line 178)
  - Boundary markers: Absent
  - Capability inventory: `subprocess.run` (`pack.py:99`), arbitrary file writes (`unpack.py:20`)
  - Sanitization: `defusedxml` is used for XML structure, but no sanitization is applied to archive member paths or text content.
Audit Metadata