Skills
skills/onyx-dot-app/onyx/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to execute system commands and performs runtime code generation and process injection.
  • Process Injection: In scripts/office/soffice.py, C source code is written to the filesystem, compiled into a shared library using gcc, and loaded using the LD_PRELOAD environment variable to shim network socket calls for the soffice binary.
  • System Tool Execution: Multiple scripts including thumbnail.py, preview.py, and redlining.py execute binaries such as soffice, pdftoppm, and git using arguments derived from user-provided file paths.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 01:53 PM