docx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Zip Slip Vulnerability (MEDIUM): In ooxml/scripts/unpack.py, the skill uses zipfile.ZipFile.extractall() on user-provided Office files. A maliciously crafted file containing path traversal sequences could overwrite arbitrary files on the host system.
- XML External Entity (XXE) Exposure (MEDIUM): In ooxml/scripts/validation/docx.py, the script uses lxml.etree.parse() to read XML content. Without explicit security configuration, lxml may resolve external entities, potentially leading to local file disclosure or SSRF.
- Command Execution (LOW): The file ooxml/scripts/pack.py executes the soffice command using subprocess.run. This intended capability introduces a dependency on external binaries.
- Indirect Prompt Injection Surface (LOW): The skill ingests untrusted data from Office files (Ingestion: ooxml/scripts/unpack.py) without boundary markers. It has the capability to run subprocesses (Capability: ooxml/scripts/pack.py) and lacks thorough sanitization for data passed to lxml (Sanitization: Absent).
Audit Metadata