docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): Vulnerability to Zip Slip in ooxml/scripts/unpack.py.
      • Evidence: The script uses zipfile.ZipFile(input_file).extractall(output_path) without validating that the filenames inside the ZIP archive do not contain path traversal sequences (e.g., ../../).
      • Impact: A maliciously crafted .docx, .pptx, or .xlsx file could overwrite sensitive files (like .bashrc or application code) on the agent's filesystem when processed.
  • [COMMAND_EXECUTION] (MEDIUM): Unsafe system command invocation in ooxml/scripts/pack.py.
      • Evidence: The validate_document function executes subprocess.run(["soffice", ...]) to convert documents to HTML.
      • Impact: While the use of a list for arguments prevents basic shell injection, the execution of complex external binaries on untrusted inputs increases the attack surface of the agent environment.
  • [DATA_EXPOSURE_AND_EXFILTRATION] (INFO): The skill handles potentially sensitive documents.
      • Observation: The skill is designed to unpack, modify, and repack Office documents. While no active exfiltration was detected, the lack of path sanitization during unpacking is the primary risk factor for data integrity and system security.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): Vulnerability via untrusted data ingestion.
      • Ingestion points: ooxml/scripts/unpack.py accepts external Office files from the agent context.
      • Boundary markers: None. The skill extracts all contents of the zip archive directly.
      • Capability inventory: zipfile.extractall (write), shutil.copytree (write), subprocess.run (execute).
      • Sanitization: Uses defusedxml for XML parsing (safe), but lacks path validation for file extraction (unsafe).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:28 AM