office-docs
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
subprocessmodule to execute various system tools necessary for document processing and validation. These include: gccfor compiling a C-based shim library inscripts/office/soffice.py.soffice(LibreOffice) for converting documents to PDF inscripts/thumbnail.pyandscripts/office/soffice.py.pdftoppmfor converting PDF pages to images for slide thumbnails inscripts/thumbnail.py.git difffor comparing textual changes in Word documents withinscripts/office/validators/redlining.py.- [REMOTE_CODE_EXECUTION]: A dynamic execution pattern is present in
scripts/office/soffice.py. The script contains an embedded C source code string (_SHIM_SOURCE) intended to shim system calls for Unix domain sockets. At runtime, the script writes this source to a temporary directory, compiles it into a shared library usinggcc, and configures the environment to inject this library into thesofficeprocess using theLD_PRELOADenvironment variable. This allows the skill to intercept and modify core system behaviors (such assocket,listen, andaccept) to enable functionality in restricted execution environments.
Audit Metadata