libreoffice-impress
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the subprocess module to interface with the LibreOffice binary. In scripts/uno_bridge.py, subprocess.Popen is used to start the LibreOffice process in headless mode to establish a UNO connection. In scripts/impress/snapshot.py, subprocess.run is used to invoke the LibreOffice CLI for converting presentation slides to PNG images. While the binaries are auto-detected and inputs are primarily file paths, this pattern involves executing system-level processes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts content from external presentation files without sanitization.
- Ingestion points: Functions like get_slide_inventory (scripts/impress/slides.py), get_notes (scripts/impress/notes.py), and find_replace (scripts/impress/find_replace.py) extract text content from presentation shapes and notes.
- Boundary markers: Absent; the skill does not use delimiters or instructions to isolate or ignore embedded commands within the extracted text.
- Capability inventory: The skill can execute system commands (via the LibreOffice CLI), modify the file system (store/save), and access arbitrary file paths provided by the user.
- Sanitization: Absent; extracted text content is passed directly to the agent's context without validation or filtering.
- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network operations were detected in the skill's implementation.
Audit Metadata