Skills
skills/yamato-snow/skills/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file ooxml/scripts/unpack.py uses zipfile.ZipFile.extractall() without validating archive members, which is vulnerable to Zip Slip attacks, potentially allowing a malicious document to write files to arbitrary locations.
  • COMMAND_EXECUTION (MEDIUM): The file ooxml/scripts/pack.py uses subprocess.run to execute the soffice command, which is a command execution surface that depends on an external binary.
  • PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface. Ingestion points: ooxml/scripts/unpack.py (extracts docx/pptx/xlsx) and ooxml/scripts/validation/docx.py (parses XML). Boundary markers: None detected. Capability inventory: System command execution via soffice and file system access via packing/unpacking. Sanitization: Uses lxml.etree.parse in docx.py which may be vulnerable to XML External Entity (XXE) attacks if not explicitly hardened.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:44 PM