pptx-creating
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Threat tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): Zip Slip exposure in ooxml/scripts/unpack.py. The script calls zipfile.extractall() on the untrusted OOXML package without its own check that every member's resolved path stays inside the target directory. CPython's zipfile does strip leading slashes, drive letters and ".." components on extraction, so the classic Zip Slip overwrite of files outside the target directory is blocked by the standard library itself; the script nevertheless relies entirely on that library behaviour, and it imposes no member-count or size limits, so a crafted package can still exhaust disk or memory (decompression bomb).
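The following is an added example (not code from the pptx-creating skill or from the auditor) of the containment and size checks the finding asks for. It builds a constructed in-memory package with a traversal member, and `safe_extract` rejects that member before anything is written; the size caps and the `build_archive` helper are assumptions chosen for the demonstration.

```python
import io
import os
import zipfile

# Example caps (assumed values; tune for the deployment).
MAX_MEMBER_BYTES = 50 * 1024 * 1024
MAX_TOTAL_BYTES = 500 * 1024 * 1024


class UnsafeArchive(ValueError):
    """Raised when a member would escape the destination or exceeds the size caps."""


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract an OOXML package into dest_dir, refusing members whose resolved
    path would land outside dest_dir and members that blow the size caps.
    Returns the member names that were extracted."""
    dest_root = os.path.realpath(dest_dir)
    os.makedirs(dest_root, exist_ok=True)
    extracted: list[str] = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            # Reject absolute paths, drive letters and any '..' component up front.
            if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0] or ".." in parts:
                raise UnsafeArchive(f"path traversal attempt in member {name!r}")
            target = os.path.realpath(os.path.join(dest_root, name))
            # Containment check: the resolved target must be dest_root or a descendant.
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise UnsafeArchive(f"member {name!r} resolves outside {dest_root}")
            total += info.file_size
            if info.file_size > MAX_MEMBER_BYTES or total > MAX_TOTAL_BYTES:
                raise UnsafeArchive(f"member {name!r} exceeds size caps (possible zip bomb)")
            if name.endswith("/"):
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Stream the member and count bytes; the header's file_size is untrusted.
            with zf.open(info) as src, open(target, "wb") as dst:
                written = 0
                while chunk := src.read(64 * 1024):
                    written += len(chunk)
                    if written > MAX_MEMBER_BYTES:
                        raise UnsafeArchive(f"member {name!r} inflates beyond its declared size")
                    dst.write(chunk)
            extracted.append(name)
    return extracted


def build_archive(members: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    import tempfile
    benign = build_archive({"[Content_Types].xml": b"<Types/>", "ppt/slides/slide1.xml": b"<p:sld/>"})
    print("benign:", safe_extract(benign, tempfile.mkdtemp()))
    hostile = build_archive({"../../evil.sh": b"#!/bin/sh\n"})
    try:
        safe_extract(hostile, tempfile.mkdtemp())
    except UnsafeArchive as exc:
        print("rejected:", exc)
```

The explicit check matters even though CPython sanitizes member names, because it fails closed (a hostile package is refused rather than silently rewritten to a harmless path, which is the signal a practitioner wants logged), and because the byte counting during streaming catches members whose compressed header understates their real size. A rejected package can leave already-extracted members behind in `dest_dir`; extract into a fresh temporary directory and discard it on error.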
- [Indirect Prompt Injection] (HIGH): The skill has a significant attack surface for indirect prompt injection. It ingests untrusted content from OOXML files (ingestion points in unpack.py and rearrange.py) with no boundary markers or sanitization around that content, and it also holds file-write and subprocess.run capabilities. Instructions embedded in a document's text or XML can therefore reach the agent unlabelled as untrusted data and be acted on with those capabilities.
- [Data Exposure & Exfiltration] (MEDIUM): Potential XML External Entity (XXE) vulnerability in ooxml/scripts/validation/docx.py. The code passes XML parts of Office documents to lxml.etree.parse without a parser configured with resolve_entities=False (together with no_network=True and load_dtd=False). lxml resolves entity references unless told not to, so a part carrying a DOCTYPE with a SYSTEM entity such as file:///etc/passwd can pull local file contents into the parsed document, and nested entity declarations can expand into a memory-exhausting payload. Legitimate OOXML parts never contain a DOCTYPE, so the safest fix is to reject any part that declares one.
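An added example (not the skill's or the auditor's code) of that fix: a fail-closed DTD check applied to each part before parsing, followed by an lxml parser with entity resolution switched off. The lxml import is guarded so the check still runs where only the standard library is present (expat does not fetch external entities); the two sample parts are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# A DOCTYPE or ENTITY declaration has no business in an OOXML part; it is the
# vehicle for both XXE file disclosure and billion-laughs expansion.
_DTD_MARKERS = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


class ForbiddenDTD(ValueError):
    """Raised when an XML part carries a DOCTYPE/ENTITY declaration."""


def reject_dtd(xml_bytes: bytes) -> None:
    """Refuse the part outright if it declares a DTD or an entity."""
    if _DTD_MARKERS.search(xml_bytes):
        raise ForbiddenDTD("DOCTYPE/ENTITY declaration found in XML part")


def parse_part(xml_bytes: bytes):
    """Parse an OOXML part after the DTD check. Uses lxml with entity resolution
    disabled when lxml is installed, otherwise the stdlib ElementTree (expat)."""
    reject_dtd(xml_bytes)
    try:
        from lxml import etree
    except ImportError:
        return ET.fromstring(xml_bytes)
    parser = etree.XMLParser(
        resolve_entities=False,  # never expand entity references
        no_network=True,         # never fetch DTDs or entities over the network
        load_dtd=False,          # do not load external DTDs
        huge_tree=False,         # keep libxml2's built-in size limits
    )
    return etree.fromstring(xml_bytes, parser)


def local_tag(elem) -> str:
    """Element tag without its namespace, for both ET and lxml elements."""
    tag = elem.tag
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


# Constructed samples: a benign slide part and a classic XXE payload.
BENIGN_PART = (
    b'<?xml version="1.0"?>'
    b'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"/>'
)
XXE_PART = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main">&xxe;</p:sld>'
)

if __name__ == "__main__":
    print("benign part root:", local_tag(parse_part(BENIGN_PART)))
    try:
        parse_part(XXE_PART)
    except ForbiddenDTD as exc:
        print("rejected:", exc)
```

The byte-level scan is deliberately crude: it also rejects a part that merely mentions `<!DOCTYPE` inside a comment, which is an acceptable false positive for a format that never legitimately uses one. The parser flags are the second layer in case the scan is ever bypassed.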
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): Command execution of an external binary. The script ooxml/scripts/pack.py runs 'soffice' via subprocess.run to validate documents. LibreOffice is a large native code base that parses the attacker-controlled document, so a malformed input can reach parser bugs in it, and the child process inherits the skill's environment, user profile and filesystem access unless the call is confined.
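An added example (not the skill's own pack.py) of how that call can be confined without a container: argv is passed as a list rather than a shell string, the run has a timeout, the child gets a minimal environment and a throwaway LibreOffice profile, and the result is reported rather than raised. The `soffice` flags used here (`--headless`, `--norestore`, `--nologo`, `--convert-to`, `--outdir`, `-env:UserInstallation=`) are standard LibreOffice command-line options; the function names and the use of a PDF round-trip as the validation step are assumptions.

```python
import os
import shutil
import subprocess
import tempfile


def build_soffice_command(input_path: str, outdir: str, profile_dir: str) -> list[str]:
    """Argument vector for a headless conversion. The document path is a discrete
    argv element, never interpolated into a shell string."""
    return [
        "soffice",
        "--headless",                                   # no GUI, no dialogs
        "--norestore",                                  # no crash-recovery prompts
        "--nologo",
        f"-env:UserInstallation=file://{profile_dir}",  # fresh profile per run
        "--convert-to", "pdf",
        "--outdir", outdir,
        os.path.abspath(input_path),
    ]


def validate_with_soffice(input_path: str, timeout_s: int = 60) -> dict:
    """Round-trip the document through soffice under a timeout and a minimal
    environment. Returns a result dict so callers can log and continue."""
    soffice = shutil.which("soffice")
    if soffice is None:
        return {"status": "soffice-not-found"}
    with tempfile.TemporaryDirectory() as profile, tempfile.TemporaryDirectory() as outdir:
        cmd = build_soffice_command(input_path, outdir, profile)
        cmd[0] = soffice
        # Minimal environment: inherited secrets (tokens, proxies) never reach the converter.
        env = {"PATH": os.environ.get("PATH", ""), "HOME": profile, "LANG": "C.UTF-8"}
        try:
            proc = subprocess.run(
                cmd, env=env, stdin=subprocess.DEVNULL, capture_output=True,
                timeout=timeout_s, check=False,
            )
        except subprocess.TimeoutExpired:
            return {"status": "timeout"}
        produced = os.listdir(outdir)
        return {
            "status": "ok" if proc.returncode == 0 and produced else "failed",
            "returncode": proc.returncode,
            "outputs": produced,
            "stderr": proc.stderr.decode(errors="replace")[-2000:],
        }


if __name__ == "__main__":
    print(validate_with_soffice("deck.pptx", timeout_s=30))
```

Two caveats a practitioner should keep in mind: `subprocess.run`'s timeout kills only the process it started, and soffice spawns a child `soffice.bin`, so a production deployment should run the converter in its own process group or, better, in a sandbox with no network and a read-only view of everything except the output directory. None of this removes the parser-bug risk; it limits what a successful exploit of the converter can reach.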
Recommendations
- AI detected serious security threats
Audit Metadata