pptx

Fail

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: HIGH
Findings:
  • REMOTE_CODE_EXECUTION
  • COMMAND_EXECUTION
  • PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation and process injection.
  • It writes C source code to a temporary directory and compiles it into a shared object library using gcc via a subprocess.run call.
  • It utilizes the LD_PRELOAD environment variable to inject this dynamically generated library into LibreOffice processes to handle environment-specific socket restrictions.
  • [COMMAND_EXECUTION]: Multiple scripts execute system-level commands through the subprocess module with arguments derived from input parameters.
  • scripts/pptx_render.py and scripts/thumbnail.py call external utilities including libreoffice and pdftoppm.
  • scripts/office/validators/redlining.py executes git diff to compare document contents.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted PowerPoint files.
  • Ingestion point: scripts/pptx_text.py and markitdown extract text directly from slide XML files and speaker notes.
  • Boundary markers: The extracted content is provided to the agent without delimiters or clear instructions to ignore embedded commands, potentially allowing content to influence agent behavior.
  • Capability inventory: The skill has extensive capabilities, including executing shell commands (scripts/pptx_render.py), modifying the file system (scripts/clean.py, scripts/add_slide.py), and using library injection.
  • Sanitization: While the skill uses defusedxml to mitigate XML-based attacks, it does not sanitize the extracted text content before providing it to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 12, 2026, 11:38 PM
Security Audit — agent-trust-hub — pptx