docx
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Multiple scripts execute system-level commands via the subprocess module. scripts/office/soffice.py invokes gcc for compilation and soffice for document processing. scripts/accept_changes.py also runs soffice, while scripts/office/validators/redlining.py executes git diff for comparing document content.
- [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs dynamic code generation and process injection. It writes an embedded C source string to a temporary file, compiles it into a shared library using gcc, and forces the library to be loaded into the LibreOffice process using the LD_PRELOAD environment variable. While this is used to shim socket operations for compatibility in sandboxed environments, the ability to compile and inject code at runtime represents a significant security capability that could be used to bypass process boundaries.
Audit Metadata