pptx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (HIGH): Path Traversal (ZipSlip) vulnerability detected in multiple locations.
  - Evidence (ooxml/scripts/unpack.py): The script uses `zipfile.ZipFile(input_file).extractall(output_path)` on user-provided Office documents.
  - Evidence (ooxml/scripts/validation/docx.py): The function `count_paragraphs_in_original` also uses `zip_ref.extractall(temp_dir)`.
  - Risk: Malicious ZIP archives (which Office files are) can contain filenames with path traversal sequences (e.g., `../../`) that allow an attacker to overwrite arbitrary files on the system during extraction, potentially leading to remote code execution or system compromise.
- DATA_EXFILTRATION (MEDIUM): Potential XML External Entity (XXE) vulnerability in `ooxml/scripts/validation/docx.py`.
  - Evidence: The code uses `lxml.etree.parse(str(xml_file))` to process XML components. Unlike the `defusedxml` library used elsewhere in the skill, `lxml.etree` by default may resolve external entities.
  - Risk: An attacker providing a crafted document could use malicious XML to read local system files or perform Server-Side Request Forgery (SSRF) when the agent validates the document.
- COMMAND_EXECUTION (MEDIUM): Subprocess execution of an external office suite in `ooxml/scripts/pack.py`.
  - Evidence: The `validate_document` function executes `soffice` (LibreOffice) via `subprocess.run` to perform conversion checks.
  - Risk: While the script uses a list of arguments to mitigate shell injection, processing untrusted complex file formats with a large office suite exposes the agent to vulnerabilities within the suite's own parsers.
Recommendations
- AI detected serious security threats
Audit Metadata