anthropics-docx

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Runtime C compilation and process injection.
      • File: scripts/office/soffice.py
      • Evidence: The script contains an embedded C source string (_SHIM_SOURCE) that is written to disk, compiled at runtime using gcc, and injected into the process environment using the LD_PRELOAD variable to intercept system-level socket calls.
  • [COMMAND_EXECUTION]: Automated execution of Office macros.
      • File: scripts/accept_changes.py
      • Evidence: The script defines a StarBasic macro (ACCEPT_CHANGES_MACRO) and invokes it via the soffice headless interface to automate tracked changes acceptance.
  • [EXTERNAL_DOWNLOADS]: Installation of unpinned external dependencies.
      • File: SKILL.md
      • Evidence: Instructions specify installing the docx package globally using npm install -g docx without verifying the source or pinning a specific version.
  • [PROMPT_INJECTION]: Potential attack surface for indirect prompt injection.
      • Ingestion points: scripts/office/unpack.py (reads and extracts XML from user-provided DOCX files).
      • Boundary markers: Absent. There are no delimiters or specific instructions to disregard malicious content within the document XML.
      • Capability inventory: Subprocess execution, runtime compilation, and file system write operations.
      • Sanitization: Partially present through the use of defusedxml for XML parsing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 08:19 AM