docx
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Execution (LOW): The script ooxml/scripts/pack.py uses subprocess.run to execute the soffice command for document validation. This is an intended capability but involves spawning external processes with file paths provided as arguments.
- Indirect Prompt Injection (LOW): The skill ingests untrusted Office documents and extracts their XML content, which could contain malicious instructions.
  1. Ingestion points: ooxml/scripts/unpack.py extracts contents of supplied Office files.
  2. Boundary markers: None. Extracted XML is read and modified directly.
  3. Capability inventory: File writing via zipfile, XML manipulation, and command execution via soffice.
  4. Sanitization: Uses defusedxml to mitigate XXE. However, unpack.py uses zipfile.extractall without validating member paths, which is a potential ZipSlip (Path Traversal) vulnerability surface.
- Safe (SAFE): The code consistently uses defusedxml for XML parsing in unpack.py and pack.py, which is a recommended practice to prevent XML External Entity (XXE) attacks.
Audit Metadata