docx
Warn
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation and process injection. It writes hardcoded C source code to a temporary file (lo_socket_shim.c), compiles it using gcc into a shared library, and then uses the LD_PRELOAD environment variable to inject this library into the soffice (LibreOffice) process. While documented as a technical workaround for restricted environments, runtime compilation and library injection are highly sensitive behaviors.
- [COMMAND_EXECUTION]: The script scripts/office/unpack.py is vulnerable to directory traversal (Zip Slip). It utilizes zipfile.extractall() without verifying that the extraction paths of the files inside the archive stay within the designated output directory. A maliciously crafted Word document could potentially overwrite sensitive system files or shell configuration files when processed.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting content from external Word documents. The instructions guide the agent to extract text using pandoc or scripts/office/unpack.py and bring it into the context without using specific boundary markers or sanitization logic to prevent the agent from obeying instructions hidden within the document's content.
- [EXTERNAL_DOWNLOADS]: The skill instructions (SKILL.md) recommend the installation of the docx library from the public npm registry to enable document generation capabilities.
Audit Metadata