
docx — agentic threat model

AIVSS 8.4 · High

The docx agent presents moderate-to-high risk due to its execution of local Python scripts, LibreOffice, and pandoc on untrusted document files, making it susceptible to XML External Entity (XXE) injection, zip bombs, and remote code execution if not strictly sandboxed.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.8 · AARS uplift: 0.59 · Factor sum: 2.7/10 · Threat (ThM): ×1.0 · Mitigation: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The listing mentions 'Anthropic's official skill' but does not specify the exact underlying Claude model. Standard LLM threats like prompt injection leading to malicious XML generation or script execution apply.

L2 · Data Operations (✓ mapped)

The agent reads and writes .docx files, unpacks XML, and manages images. This introduces significant data operations risks, including processing untrusted/malicious documents that could contain XML External Entity (XXE) payloads, zip bombs, or malicious embedded macros.

L3 · Agent Frameworks (✓ mapped)

The agent uses docx-js and bundled Python scripts (unpack.py, pack.py, accept_changes.py, comment.py, soffice.py) to orchestrate document manipulation. Threats include tool misuse, command injection via malformed arguments passed to Python scripts, or insecure handling of file paths.
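As an added defensive example (not code from this listing or from the docx skill's own unpack.py/pack.py scripts): a pre-flight validator that an operator could run on an untrusted .docx before it reaches the unpack step, LibreOffice or pandoc, covering the L2/L3 threats named above (XXE via DTD/entity declarations, zip bombs, and unsafe member paths). The size and ratio thresholds, the function names and the sample archives are assumptions constructed for illustration.

```python
"""Pre-flight checks for an untrusted .docx (a zip of OOXML parts)."""
import io
import re
import zipfile

MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024   # assumption: 50 MiB cap on expanded size
MAX_RATIO = 100                             # assumption: >100:1 expansion is treated as a zip bomb
_DTD_MARKER = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def check_docx(data: bytes) -> list[str]:
    """Return the reasons to reject the archive; an empty list means it passed."""
    problems = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip archive"]
    total_uncompressed = total_compressed = 0
    for info in zf.infolist():
        parts = re.split(r"[\\/]", info.filename)
        # Zip-slip: member names that would escape the extraction directory.
        if info.filename.startswith(("/", "\\")) or ".." in parts:
            problems.append(f"unsafe member path: {info.filename}")
        total_uncompressed += info.file_size
        total_compressed += info.compress_size
        # XXE / entity expansion: OOXML parts never legitimately carry a DTD.
        if info.filename.endswith((".xml", ".rels")):
            head = zf.open(info).read(64 * 1024)  # a DTD must precede the root element
            if _DTD_MARKER.search(head):
                problems.append(f"DTD/entity declaration in {info.filename}")
    if total_uncompressed > MAX_TOTAL_UNCOMPRESSED:
        problems.append(f"expanded size {total_uncompressed} exceeds cap")
    if total_compressed and total_uncompressed / total_compressed > MAX_RATIO:
        problems.append("compression ratio suggests a zip bomb")
    if "[Content_Types].xml" not in zf.namelist():
        problems.append("missing [Content_Types].xml")
    return problems


def build_sample(document_xml: bytes, member: str = "word/document.xml") -> bytes:
    """Constructed minimal docx-like archive for testing (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b'<?xml version="1.0"?><Types/>')
        zf.writestr(member, document_xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(check_docx(build_sample(b'<?xml version="1.0"?><w:document><w:body/></w:document>')))
```

Rejecting archives at this stage is cheaper than hardening every downstream parser, but it complements rather than replaces sandboxing of the conversion binaries.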

L4 · Deployment & Infrastructure (✓ mapped)

The agent runs LibreOffice (soffice.py) and pandoc conversions alongside Python scripts. If the hosting environment is not strictly sandboxed, running these heavy external binaries on untrusted user inputs poses severe remote code execution (RCE) and local file disclosure risks.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No details are provided regarding logging, guardrails, or evaluation metrics for document generation or script execution.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No explicit mention of identity, authorization, access control policies, or compliance frameworks (e.g., SOC2, ISO) for file access.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The skill is described as a standalone tool/skill for document manipulation; there is no mention of multi-agent coordination or marketplace interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).