pptx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The script 'ooxml/scripts/pack.py' invokes 'soffice' (LibreOffice) via 'subprocess.run' for document validation. While the implementation avoids using 'shell=True', the execution of external binaries that process user-supplied file paths is a minor security concern.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted document data, creating an attack surface for data-driven exploits. Evidence: 1. Ingestion points: User-provided .docx, .pptx, and .xlsx files processed by 'unpack.py', 'validate.py', and 'rearrange.py'. 2. Boundary markers: The scripts do not implement delimiters or instructions to ignore embedded malicious content within the XML files. 3. Capability inventory: The skill has the ability to read/write files and execute external processes. 4. Sanitization: Inconsistent application of security measures. While 'defusedxml' is used in some scripts, 'ooxml/scripts/validation/docx.py' uses standard 'lxml.etree.parse' without explicit entity resolution hardening, which could potentially expose the system to XML External Entity (XXE) attacks if processing a specially crafted malicious document.
Audit Metadata