hwpx
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script scripts/office/soffice.py contains a hardcoded C source code string (_SHIM_SOURCE) which is written to a temporary file and compiled into a shared object (.so) at runtime using gcc. The resulting binary is then injected into the LibreOffice (soffice) process using the LD_PRELOAD environment variable to intercept and modify system calls.
- [COMMAND_EXECUTION]: Multiple scripts, including scripts/convert_hwp.py, scripts/convert_to_pdf.py, and scripts/office/soffice.py, use subprocess.run to execute external binary commands such as gcc and soffice with arguments derived from input parameters.
- [REMOTE_CODE_EXECUTION]: The skill documentation in SKILL.md promotes the installation and execution of the @ssabrojs/hwpxjs package via npm and npx, which involves downloading and executing third-party code from an external registry.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by processing external, potentially untrusted documents.
  - Ingestion points: scripts/extract_text.py and scripts/extract_tables.py read content from HWPX archives.
  - Boundary markers: None identified; extracted text is processed without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can execute subprocesses (soffice), write files (scripts/pack.py), and convert documents to various formats.
  - Sanitization: No sanitization or validation of the extracted XML content is performed before processing.
- [DATA_EXPOSURE]: The skill performs recursive file system operations, including unpacking and repacking ZIP archives (scripts/unpack.py, scripts/pack.py), which involves reading and writing multiple files in the local environment.
Recommendations
- AI detected serious security threats
Audit Metadata