pptx-reader

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py dynamically writes C source code to a temporary file, compiles it into a shared library using gcc, and then uses the LD_PRELOAD environment variable to inject it into the soffice process. This technique is used to intercept and shim socket system calls at runtime, representing a high-risk dynamic execution pattern.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute system binaries. It runs gcc for runtime compilation in soffice.py, and calls soffice and pdftoppm for file conversion in thumbnail.py and soffice.py.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it processes untrusted user-provided .pptx files.
      1. Ingestion points: scripts/thumbnail.py and scripts/office/unpack.py (reading .pptx files).
      2. Boundary markers: Absent.
      3. Capability inventory: subprocess calls for compilation and system tools in scripts/office/soffice.py and scripts/thumbnail.py.
      4. Sanitization: Absent.
    Malicious instructions embedded in a presentation could influence the agent's behavior during analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 29, 2026, 02:31 AM