docx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH REMOTE_CODE_EXECUTION COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): Zip Slip vulnerability in ooxml/scripts/unpack.py. The script uses zipfile.ZipFile(input_file).extractall(output_path) without validating member paths. A malicious Office document (ZIP archive) containing path traversal filenames (e.g., ../../target) can overwrite arbitrary files on the system.
- Dynamic Execution (MEDIUM): Insecure XML parsing using lxml in ooxml/scripts/validation/docx.py. lxml.etree.parse() is used on extracted XML files without disabling entity resolution, creating a potential vector for XML External Entity (XXE) attacks.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): External command execution of soffice. ooxml/scripts/pack.py calls subprocess.run(["soffice", ...]). Reliance on external binaries increases the attack surface if the binary is compromised or vulnerable.
- Indirect Prompt Injection (HIGH): The skill processes untrusted Office documents, providing a significant attack surface for indirect injection.
  - Ingestion points: ooxml/scripts/unpack.py accepts external Office files for processing.
  - Boundary markers: None identified; the skill directly extracts and parses internal XML components.
  - Capability inventory: Includes file system extraction (zipfile), file modification, and external command execution (soffice).
  - Sanitization: Inconsistent; while defusedxml is used in some scripts, lxml and zipfile usage is unsafe.
Recommendations
- AI detected serious security threats