docx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (MEDIUM): The file 'ooxml/scripts/unpack.py' uses `zipfile.ZipFile.extractall()` to extract user-provided Office documents. This method is susceptible to 'Zip Slip' path traversal attacks, where a malicious ZIP archive containing filenames with '../' sequences could overwrite or create files outside the intended target directory.
- COMMAND_EXECUTION (LOW): The script 'ooxml/scripts/pack.py' executes the 'soffice' (LibreOffice) binary via `subprocess.run` to perform document validation. While not a direct remote code execution vulnerability, invoking complex external system binaries to process untrusted data introduces unnecessary risks to the host environment.
- PROMPT_INJECTION (LOW): As a tool that processes external files, the skill provides a surface for indirect prompt injection if the agent subsequently reads the extracted XML content without sanitization. Mandatory evidence chain:
  1) Ingestion point: 'ooxml/scripts/unpack.py' extracts contents of untrusted Office files.
  2) Boundary markers: None present.
  3) Capability inventory: 'subprocess.run' (pack.py), file system write (unpack.py).
  4) Sanitization: Uses 'defusedxml' to prevent XXE, but lacks sanitization for text content inside XML nodes.