pptx
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/office/soffice.pyperforms runtime compilation of a C library. It writes source code to a temporary file, compiles it usinggcc, and then uses theLD_PRELOADenvironment variable to inject the resulting shared object into the LibreOffice (soffice) process. This mechanism is designed to shim system socket calls in restricted environments. - [COMMAND_EXECUTION]: Several scripts in the skill execute system utilities via
subprocess.run. This includessofficefor document conversion inscripts/office/soffice.pyandscripts/thumbnail.py,pdftoppmfor thumbnail generation inscripts/thumbnail.py, andgitfor tracked changes validation inscripts/office/validators/redlining.py. - [EXTERNAL_DOWNLOADS]: The skill documentation lists several required external dependencies that are not included with the skill itself. These include system utilities like
LibreOfficeandpoppler-utils, as well as several Python and Node.js packages that must be installed viapipornpm.
Audit Metadata