docx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The file `ooxml/scripts/pack.py` uses `subprocess.run` to execute the `soffice` (LibreOffice) command. While the arguments are structured, processing untrusted Office files through a complex external suite like LibreOffice increases the attack surface for document-based exploits.
- [DATA_EXPOSURE] (HIGH): In `ooxml/scripts/unpack.py`, the script uses `zipfile.ZipFile(input_file).extractall(output_path)` without validating the member names within the ZIP archive. This exposes the system to a 'Zip Slip' attack, where a maliciously crafted document could contain relative paths (e.g., `../../etc/passwd`) to overwrite arbitrary files on the host system.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is specifically designed to ingest and process untrusted external data in the form of Office documents.
  - Ingestion points: `ooxml/scripts/unpack.py` and `ooxml/scripts/validate.py` ingest `.docx`, `.pptx`, and `.xlsx` files.
  - Boundary markers: None. The skill parses raw XML content from the archives.
  - Capability inventory: The skill possesses file-system write capabilities (via `extractall`) and external command execution capabilities (via `soffice`).
  - Sanitization: Although the skill uses `defusedxml` to prevent XML External Entity (XXE) attacks, it lacks sanitization for the ZIP file structure itself.
Recommendations
- AI detected serious security threats