Safety Score
Detected Capabilities
Sensitive Files
- Clean filesystem scan
Deep Audit Findings
The skill relies on a Python script to render DOCX files by invoking a full LibreOffice instance and parsing XML. The primary security risk is the use of the standard Python `xml.etree.ElementTree` library to parse `document.xml` from the DOCX container, which is vulnerable to XML Denial of Service (Billion Laughs attack) if a malicious file is processed. Additionally, the tool invokes complex external binaries (`soffice`, `pdftoppm`) on potentially untrusted input, representing a significant attack surface for memory corruption exploits. The static finding for `schemas.openxmlformats.org` is a false positive; it is an XML namespace URI, not a network call.
Insecure XML Parsing (Potential DoS)
The script manually parses the internal `word/document.xml` of a DOCX file using Python's standard `xml.etree.ElementTree`. This library is not secure against maliciously constructed data (e.g., XML bombs/Billion Laughs attacks), which can lead to memory exhaustion and crash the agent.
Unrestricted Output Directory Write
The script accepts an arbitrary `--output_dir` and otherwise defaults to writing next to the input file. If the agent does not constrain these arguments or runs as a privileged user, this could overwrite sensitive files on the file system.
Attack Surface Chain
1. Attacker uploads a malicious DOCX file containing an XML bomb (nested entities) in `word/document.xml`.
2. Agent calls `scripts/render_docx.py` to render the document.
3. Script extracts and passes the XML content to `ET.fromstring()`.
4. XML parser expands entities exponentially, consuming available memory.
5. Agent process crashes (Denial of Service).