skills/eigent-ai/eigent/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute external system tools. This includes calls to soffice (LibreOffice) for document conversion, pdftoppm for slide imaging, and git for generating document diffs in scripts/office/validators/redlining.py. Most significantly, scripts/office/soffice.py dynamically writes C source code to a temporary file and invokes gcc at runtime to compile a shared object library used for socket interception via LD_PRELOAD.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from external PowerPoint files.
      • Ingestion points: Files are unpacked and their XML content is read into the agent context in scripts/office/unpack.py and SKILL.md.
      • Boundary markers: Absent; the skill does not use specific delimiters or instructions to the agent to ignore potentially malicious text within slide content.
      • Capability inventory: The skill has high privileges, including the ability to compile code (gcc), execute system binaries (soffice, git), and write files to the system.
      • Sanitization: While defusedxml is used to prevent XML-level exploits (XXE), there is no sanitization of the natural language content extracted from slides before it is processed by the AI.
  • [SAFE]: The skill demonstrates security awareness by using the defusedxml library for parsing Office XML files instead of the standard xml.etree, which effectively mitigates XML External Entity (XXE) vulnerabilities when handling files provided by users.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 02:51 PM