skills/zpankz/mcp-skillset/docx/Gen Agent Trust Hub

docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • DATA_EXFILTRATION (HIGH): Path Traversal (Zip Slip) vulnerability in ooxml/scripts/unpack.py. The use of zipfile.ZipFile.extractall() without path validation allows malicious Office files to write to arbitrary locations outside the target directory.
  • PROMPT_INJECTION (HIGH): Indirect Prompt Injection surface. (1) Ingestion point: ooxml/scripts/unpack.py extracts XML from external docx/pptx/xlsx files. (2) Boundary markers: None present. (3) Capability inventory: Subprocess execution of soffice and file system write operations. (4) Sanitization: No filtering or escaping of document content is performed before data enters the agent context.
  • DATA_EXFILTRATION (MEDIUM): Potential XML External Entity (XXE) vulnerability in ooxml/scripts/validation/docx.py. The script uses lxml.etree.parse to process XML files without explicitly disabling entity resolution, which could be exploited to read sensitive local files.
  • COMMAND_EXECUTION (MEDIUM): Subprocess execution of soffice in ooxml/scripts/pack.py. The tool runs an external binary on potentially malicious document files to validate them, introducing risks associated with processing complex file formats via system-level commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:19 AM