pptx
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill is vulnerable to 'Zip Slip' (directory traversal during extraction) in `ooxml/scripts/unpack.py` and `ooxml/scripts/validation/docx.py`. The use of `zipfile.ZipFile.extractall()` on untrusted input files without validating member paths allows an attacker to create a crafted Office document that overwrites arbitrary files on the system when unpacked.
- [COMMAND_EXECUTION] (MEDIUM): In `ooxml/scripts/pack.py`, the script executes the `soffice` (LibreOffice) binary using `subprocess.run`. While it uses an argument list, the inclusion of a user-controllable file path (`doc_path`) without strict validation creates a surface for argument injection if the filename is maliciously crafted (e.g., starting with a dash).
- [DATA_EXFILTRATION] (MEDIUM): The `DOCXSchemaValidator` in `ooxml/scripts/validation/docx.py` uses `lxml.etree.parse()` to process XML components. Unlike the `defusedxml` used elsewhere in the skill, `lxml` can be susceptible to XML External Entity (XXE) attacks depending on the environment's default settings, potentially allowing an attacker to read local files via a malicious `.docx` file.
- [SAFE] (INFO): The skill correctly uses `defusedxml` for its primary XML formatting tasks in `unpack.py` and `pack.py`, mitigating standard XXE risks in those specific operations.
Recommendations
- AI detected serious security threats
Audit Metadata