docx
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- Dynamic Execution (HIGH): `scripts/office/soffice.py` generates C source code at runtime, compiles it into a shared library using `gcc`, and injects it into the `soffice` process environment via `LD_PRELOAD`. This is a sophisticated injection technique typically scrutinized in security audits.
- Command Execution (HIGH): The skill invokes several system-level binaries, including `gcc` (for compilation), `git` (for diffing document text), and `soffice` (LibreOffice), to process documents. These operations depend on the availability and security of the host environment's toolchain.
- Dynamic Code Generation (MEDIUM): `scripts/accept_changes.py` dynamically creates and writes a LibreOffice Basic macro to a configuration directory at runtime to automate the acceptance of tracked changes in Word documents.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process external Office documents (DOCX, PPTX). While it utilizes `defusedxml` to protect against XML External Entity (XXE) attacks, the document content constitutes a surface for indirect prompt injection if the agent interprets text from these files as instructions.
- Safe XML Handling (SAFE): The skill correctly uses the `defusedxml` library and `lxml` with appropriate caution to handle XML parsing, which mitigates standard XML-based vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata