docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): Unsafe ZIP extraction in ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py. The use of zipfile.ZipFile.extractall() without path validation is vulnerable to Zip Slip, enabling path traversal and arbitrary file overwrite via malicious ZIP entries.
  • DATA_EXFILTRATION (HIGH): XXE vulnerability in ooxml/scripts/validation/docx.py. The script uses lxml.etree.parse() on untrusted XML files within the OOXML package without disabling entity resolution, which can be exploited for local file disclosure or SSRF.
  • COMMAND_EXECUTION (MEDIUM): Subprocess execution of soffice in ooxml/scripts/pack.py. The skill invokes the LibreOffice binary on attacker-controlled document data, which presents a significant attack surface for binary exploitation.
  • INDIRECT_PROMPT_INJECTION (HIGH): High capability surface with untrusted data ingestion. Evidence Chain: (1) Ingestion: Untrusted Office files in unpack.py and docx.py. (2) Boundaries: No instruction boundary markers or sanitization. (3) Capabilities: subprocess.run (soffice) and zipfile write operations. (4) Sanitization: Missing for path traversal and XML entities.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:50 AM