docx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The file
scripts/office/soffice.pyperforms runtime compilation and library injection. It writes a C source file to a temporary location, compiles it into a shared object usinggcc, and then uses theLD_PRELOADenvironment variable to inject this library into thesofficeprocess. This pattern allows for process hooking and execution of arbitrary code within the child process. - [COMMAND_EXECUTION] (MEDIUM):
scripts/accept_changes.pyexecutessoffice(LibreOffice) with a custom Basic macro to modify DOCX files. Running macros via command line on untrusted documents is a known attack vector. - [COMMAND_EXECUTION] (LOW):
scripts/office/validators/redlining.pyexecutesgit diffon text extracted from documents for version comparison purposes. - [SAFE]: The skill demonstrates security awareness by using the
defusedxmllibrary in most XML processing tasks (unpack.py,pack.py,merge_runs.py) to prevent XML External Entity (XXE) attacks.
Recommendations
- AI detected serious security threats
Audit Metadata