Skills
skills/dfk1352/libreoffice-skills/libreoffice-writer/Gen Agent Trust Hub

libreoffice-writer

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill launches the LibreOffice process (soffice or libreoffice) using subprocess.Popen to perform document operations. This is standard behavior for skills utilizing the UNO bridge.
  • Evidence: scripts/uno_bridge.py contains the logic for finding and starting the LibreOffice binary.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it reads text content and metadata from documents without sanitization or boundary markers. This could allow hidden instructions in documents to influence the agent's actions.
  • Ingestion points: scripts/writer/core.py (read_document_text) and scripts/writer/metadata.py (get_metadata).
  • Boundary markers: Absent for processed document content.
  • Capability inventory: Subprocess execution via uno_bridge.py and file writing operations in core.py, tables.py, and snapshot.py.
  • Sanitization: None performed on document text or metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 03:34 AM