docx
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script
scripts/office/soffice.pydynamically generates a C source file and executes the systemgcccompiler to create a shared library (lo_socket_shim.so) at runtime. This behavior is a high-risk pattern for executing arbitrary code.\n- [REMOTE_CODE_EXECUTION] (HIGH): The filescripts/office/soffice.pyutilizesLD_PRELOADto inject the dynamically compiled shared library into thesofficeprocess. Such process injection techniques are frequently used in exploitation and require strict isolation.\n- [COMMAND_EXECUTION] (MEDIUM):scripts/accept_changes.pyusessubprocess.runto execute LibreOffice with a StarBasic macro string passed as a command-line argument to automate the acceptance of tracked changes.\n- [COMMAND_EXECUTION] (LOW): Thescripts/office/validators/redlining.pyutility invokes the systemgitbinary to perform word-level comparisons between document versions.\n- [SAFE] (SAFE): The skill consistently usesdefusedxmlfor XML parsing in its primary processing scripts, which effectively mitigates XML External Entity (XXE) attacks.
Recommendations
- AI detected serious security threats
Audit Metadata