docx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The validate_document function in ooxml/scripts/pack.py uses subprocess.run to call the soffice (LibreOffice) binary. This execution occurs on documents generated from XML files that may have been modified or provided by untrusted sources, creating a risk if soffice has vulnerabilities.
- [DATA_EXPOSURE] (HIGH): The ooxml/scripts/unpack.py script uses zipfile.ZipFile.extractall() without verifying that the paths within the ZIP archive are safe. A malicious Office document could include filenames with ../ to perform a Zip Slip attack, overwriting sensitive files on the host system.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill's primary function is to process untrusted external data (OOXML files). In ooxml/scripts/validation/docx.py, lxml.etree.parse is used to process these XML files without explicit hardening against XML External Entity (XXE) or expansion attacks, which could lead to resource exhaustion or information disclosure.
Recommendations
- AI detected serious security threats
Audit Metadata