Skills
skills/l-yifan/skills/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Runtime compilation of C source code. The file scripts/office/soffice.py programmatically invokes gcc to compile a shared library (lo_socket_shim.so) from a hardcoded source string to manage AF_UNIX socket interactions.
  • [COMMAND_EXECUTION]: System environment manipulation for library injection. scripts/office/soffice.py uses the LD_PRELOAD mechanism to force the LibreOffice process to load the dynamically compiled shim, which intercepts core system calls like socket() and accept().
  • [COMMAND_EXECUTION]: Extensive use of external subprocesses. The skill relies on executing multiple binaries including soffice, pandoc, pdftoppm, and git across various utility scripts.
  • [PROMPT_INJECTION]: Vulnerability to Indirect Prompt Injection. The skill is designed to ingest and process untrusted data from external .docx files. It lacks explicit boundary markers or protective instructions to prevent the model from obeying malicious commands embedded within the document's XML content during extraction or editing phases.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 03:05 PM