docx
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic execution by generating C source code at runtime and compiling it using gcc in scripts/office/soffice.py. The resulting shared library is injected into the LibreOffice process via the LD_PRELOAD environment variable.
- [COMMAND_EXECUTION]: High-risk command execution is present through the use of system binaries.
  * Evidence: The skill calls subprocess.run to execute gcc, soffice, git, and pdftoppm in soffice.py, accept_changes.py, and redlining.py.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through document data ingestion.
  * Ingestion points: Word document XML content processed from word/document.xml by the unpack.py script.
  * Boundary markers: Absent.
  * Capability inventory: The skill can execute arbitrary system commands (soffice, gcc) and write to the local filesystem.
  * Sanitization: The skill employs defusedxml to mitigate XML external entity (XXE) attacks during parsing.
Audit Metadata