academic-paper-writer-pro

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script docx/scripts/office/soffice.py contains a hardcoded C source code string that is compiled into a shared library using gcc at runtime. This library is then loaded into the execution environment of the soffice process using the LD_PRELOAD environment variable to hook networking functions.
  • [COMMAND_EXECUTION]: Several components of the skill execute system-level commands through the Python subprocess module to perform core tasks:
      • docx/scripts/office/soffice.py executes gcc for dynamic compilation and soffice for document processing.
      • docx/scripts/accept_changes.py executes soffice to run automated Basic macros.
      • ocr_kb/scripts/latex_to_omml.py invokes pandoc to convert math formulas between formats.
  • [EXTERNAL_DOWNLOADS]: The README.md documentation encourages users to install an agentic framework from an untrusted GitHub repository (github.com/code-yeongyu/oh-my-opencode). The skill also includes links to various external domains for downloading academic templates (e.g., ieee.org, acm.org, springernature.com).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 08:02 AM