docx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script ooxml/scripts/pack.py executes the soffice (LibreOffice) binary via subprocess.run to perform document conversion for validation. Executing system commands with user-provided file paths poses a risk if not properly sandboxed.\n- REMOTE_CODE_EXECUTION (MEDIUM): The scripts ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py use zipfile.extractall() to unpack Office documents. This method is vulnerable to 'Zip Slip' attacks, where a malicious archive contains files with directory traversal paths (e.g., ../../) designed to overwrite files outside the target directory.\n- PROMPT_INJECTION (LOW): Indirect Prompt Injection Risk (Category 8). The skill is designed to ingest and process external OOXML data. \n
- Ingestion points: input_file in ooxml/scripts/unpack.py and original_file in ooxml/scripts/validate.py.\n
- Boundary markers: None identified in the XML parsing or extraction logic.\n
- Capability inventory: Subprocess execution (soffice), file system write access (extractall), and file system read access.\n
- Sanitization: The skill uses defusedxml in some areas, but ooxml/scripts/validation/docx.py utilizes lxml.etree.parse without specific configurations to disable entity resolution, leaving it potentially vulnerable to XML External Entity (XXE) attacks.
Audit Metadata