pptx-processing-anthropic
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The unpacking logic in 'ooxml/scripts/unpack.py' is vulnerable to a 'Zip Slip' path traversal attack. It calls 'zipfile.ZipFile(input_file).extractall(output_path)' without validating member paths. A malicious document can contain archive members whose names include '../' sequences, so extraction writes outside 'output_path' and can overwrite arbitrary files on the local filesystem.
- COMMAND_EXECUTION (MEDIUM): Insecure XML parsing in 'ooxml/scripts/validation/docx.py'. The validator uses 'lxml.etree.parse()' without explicitly disabling external entity resolution. This exposes the agent to XML External Entity (XXE) attacks if it processes a crafted document, potentially leading to local file disclosure or SSRF.
- PROMPT_INJECTION (HIGH): The skill possesses a significant indirect prompt injection surface. It is designed to ingest and unpack untrusted external documents (.docx, .pptx, .xlsx) and provide the content to an agent. The lack of strict boundary markers and the presence of write/execute capabilities (file system access and soffice execution) make this a high-risk capability when handling untrusted data.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on external libraries including python-pptx, lxml, and defusedxml. While these are common libraries, they are used here in a manner that does not mitigate all security risks.
Recommendations
- AI detected serious security threats
Audit Metadata