pptx-official

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation of hardcoded C source code into a shared object file using gcc. It then uses the LD_PRELOAD environment variable to inject this library into the soffice process. This is a library injection technique used to intercept system calls and provide a compatibility shim for socket operations in restricted environments.
  • [COMMAND_EXECUTION]: Multiple scripts execute external system utilities via subprocess.run(), including gcc for compilation, pdftoppm for image extraction, and soffice for document conversion. While these tools serve the skill's primary purpose of PPTX processing, invoking external commands from the skill still carries security risk.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation directs the user or agent to install several third-party dependencies from official registries, including markitdown[pptx] from PyPI and pptxgenjs and sharp from NPM.
  • [SAFE]: The skill utilizes the defusedxml library for all XML parsing operations in scripts like pack.py, unpack.py, and clean.py, which effectively mitigates risks associated with XML External Entity (XXE) attacks in Office Open XML files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 23, 2026, 05:44 AM
Security Audit — agent-trust-hub — pptx-official