skills/crazymsn/academic-skills/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation of C code and uses the LD_PRELOAD environment variable to inject this code into the LibreOffice process.
      • The skill includes an embedded C source string (_SHIM_SOURCE) used to shim socket calls in environments where AF_UNIX is restricted.
      • This code is compiled into a shared library using gcc and loaded into another process via LD_PRELOAD, which is a powerful pattern that modifies process execution and can be used for malicious purposes.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute system commands for its primary functionality.
      • Scripts invoke CLI tools including soffice, pdftoppm, git, and gcc across multiple operations.
      • The logic in scripts/office/validators/redlining.py and scripts/thumbnail.py handles file paths without explicit validation, which could pose risks if malicious paths are processed.
      • The BaseSchemaValidator class in scripts/office/validators/base.py uses lxml.etree.parse without explicitly disabling entity resolution, creating a potential XML External Entity (XXE) risk when processing malicious presentations.
  • [PROMPT_INJECTION]: The skill processes untrusted PowerPoint files and extracts content that is subsequently processed by the AI agent.
      • Files are unpacked and text is extracted using markitdown without explicit boundary markers in the instructions to separate data from instructions.
      • The skill has significant local capabilities (shell access, compiler access), increasing the potential impact of a successful indirect prompt injection attack triggered by content within a loaded presentation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 14, 2026, 09:24 AM