docx
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): In `scripts/office/soffice.py`, a C source code shim is embedded as a string, written to a temporary file, compiled at runtime using `gcc`, and then loaded into the `soffice` process using the `LD_PRELOAD` environment variable. This is a high-risk technique typically used for process injection, though here it is intended to shim socket behavior in restricted environments.
- Indirect Prompt Injection (LOW): The skill processes untrusted external Office files (`.docx`, `.pptx`, `.xlsx`), creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Files are ingested via ZIP extraction in `unpack.py` and XML reading in `pack.py`.
  - Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are used when processing document content.
  - Capability inventory: The skill can execute `gcc`, `soffice`, and `git` via `subprocess.run`.
  - Sanitization: The skill uses `defusedxml` for XML parsing to prevent XXE attacks, but the content remains a surface for instruction-based attacks.
- Command Execution (LOW): The skill executes various system utilities (`soffice`, `gcc`, `git`) using `subprocess.run`.