pptx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Detected a surface for Indirect Prompt Injection (Category 8). The skill processes untrusted Office documents and extracts text content for structural validation logs.
- Ingestion points:
ooxml/scripts/unpack.pyandooxml/scripts/validation/docx.py(viaxml_filesfound in the unpacked directory). - Boundary markers: Absent. The text extracted from XML nodes is printed directly to the console output.
- Capability inventory:
subprocess.run(executing LibreOffice),shutil.copytree, and recursive file write operations. - Sanitization: The skill uses
defusedxmlfor XML parsing which prevents XML External Entity (XXE) attacks, but it does not sanitize or escape the natural language text extracted from documents before it is displayed to the agent. - [COMMAND_EXECUTION] (SAFE): The
ooxml/scripts/pack.pyscript executes thesoffice(LibreOffice) binary viasubprocess.run. This is used exclusively for headless document validation (converting the output to HTML to ensure it isn't corrupt) and uses a static command structure with local file paths.
Audit Metadata