docx
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script
scripts/office/soffice.pyperforms runtime compilation of C source code. It writes a shim file (lo_socket_shim.c) to the system's temporary directory and compiles it usinggccinto a shared object library. - [DYNAMIC_EXECUTION]: The script
scripts/office/soffice.pyutilizes theLD_PRELOADenvironment variable to inject the runtime-compiled shared library into thesofficesubprocess to intercept socket-related system calls. - [DYNAMIC_EXECUTION]: The script
scripts/accept_changes.pydynamically generates a LibreOffice Basic macro and writes it to a temporary path (/tmp/libreoffice_docx_profile/.../Module1.xba) to automate document manipulation tasks. - [INDIRECT_PROMPT_INJECTION]: The skill processes external, untrusted Word documents, which creates an attack surface where embedded instructions could attempt to influence the agent.
- Ingestion points: Document unpacking via
scripts/office/unpack.pyand text extraction viapandoc. - Boundary markers: Absent; extracted document content is not wrapped in protective delimiters.
- Capability inventory: The skill has the ability to execute subprocesses (
soffice,pandoc,pdftoppm,gcc), perform process injection, and access the local file system. - Sanitization: No sanitization or filtering of extracted document text or XML attributes is performed before the data is presented to the agent.
Audit Metadata