xlsx (skills/kortix-ai/kortix-registry/xlsx)

Verdict: Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill compiles a C source file into a shared object at runtime using gcc in scripts/office/soffice.py. The compiled library is then loaded into the soffice process via the LD_PRELOAD environment variable to work around Unix socket communication issues. Although it is used here for technical compatibility, LD_PRELOAD overrides standard library functions inside the target process and is a high-privilege operation.
  • [COMMAND_EXECUTION]: Subprocess calls execute system tools, including soffice (for formula recalculation in scripts/recalc.py) and git (for document comparison in scripts/office/validators/redlining.py).
  • [COMMAND_EXECUTION]: The scripts/office/unpack.py script uses zipfile.extractall() to unpack Office documents (which are ZIP archives). Without explicit validation of entry paths, this is a potential vulnerability surface if the skill processes untrusted files, since archive entries can name paths outside the intended extraction directory.
  • [PROMPT_INJECTION]: The SKILL.md instructions include an 'Autonomy Doctrine' ('Act, don't ask') and 'Communication Rules' that forbid the AI from exposing implementation details to the user. These instructions attempt to override standard agent transparency and interaction protocols regarding user oversight.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 08:36 AM