pptx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted Office Open XML files, which can serve as a vector for indirect instructions.
  - Ingestion points: ooxml/scripts/unpack.py (zip extraction) and ooxml/scripts/validation/docx.py (XML parsing).
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded content in processed documents.
  - Capability inventory: The skill can execute system commands via subprocess (pack.py) and perform file system writes (unpack.py/pack.py).
  - Sanitization: The skill correctly uses defusedxml for primary parsing tasks, though lxml in the validation script lacks explicit resolve_entities=False hardening.
- Unverifiable Dependencies & Remote Code Execution (LOW): The script ooxml/scripts/pack.py utilizes subprocess.run to invoke the soffice binary for document validation. While the arguments are constrained, the use of an external suite like LibreOffice to process untrusted files increases the system's attack surface.