docx
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs runtime compilation of C source code into a shared library using
gcc. Specifically, inscripts/office/soffice.py, a socket shim is written to a temporary file, compiled, and subsequently injected into the LibreOffice execution environment using theLD_PRELOADmechanism. This is implemented to bypass AF_UNIX socket restrictions in sandboxed environments. - [COMMAND_EXECUTION]: Several scripts utilize
subprocess.runto execute external binaries and system tools, including: soffice(LibreOffice) for document conversion and macro execution inscripts/accept_changes.pyandscripts/office/soffice.py.gitfor generating text differences inscripts/office/validators/redlining.py.gccfor the aforementioned runtime compilation inscripts/office/soffice.py.- [SAFE]: The skill uses
defusedxmlandlxmlfor XML parsing, which provides protection against common XML-based attacks like XML External Entity (XXE) injection.
Audit Metadata