skills/yamato-snow/skills/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The 'ooxml/scripts/pack.py' script uses 'subprocess.run' to call 'soffice' for document validation. It uses a fixed argument list and avoids 'shell=True', which limits injection risks.
  • [PROMPT_INJECTION] (LOW): The skill possesses an Indirect Prompt Injection surface (Category 8). Evidence Chain:
      1. Ingestion points: 'ooxml/scripts/unpack.py' and 'ooxml/scripts/validate.py' read untrusted OOXML files.
      2. Boundary markers: No delimiters or warnings are used when processing document text.
      3. Capability inventory: 'subprocess.run', 'zipfile.write', and slide manipulation via 'python-pptx'.
      4. Sanitization: 'defusedxml' is used for XML parsing, but the skill does not sanitize natural language content that may contain malicious instructions.
  • [SAFE] (SAFE): The implementation uses 'defusedxml' in several scripts to mitigate XML External Entity (XXE) vulnerabilities, which is a recommended security practice.
  • [SAFE] (LOW): The use of 'zipfile.extractall()' in 'ooxml/scripts/unpack.py' is vulnerable to 'Zip Slip' attacks if a malicious document contains files with path traversal sequences. Furthermore, 'ooxml/scripts/validation/docx.py' uses 'lxml.etree.parse' which may resolve entities unless explicitly configured otherwise by the environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM