Skills
skills/kcchien/skills/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The utility script scripts/office/soffice.py performs runtime compilation by invoking gcc to build a shared library (lo_socket_shim.so) from source code embedded within the script. This is used as a workaround for socket restrictions in sandboxed environments.
  • [COMMAND_EXECUTION]: The script scripts/office/soffice.py uses the LD_PRELOAD environment variable to inject the dynamically compiled shared library into the LibreOffice (soffice) process to intercept system calls.
  • [COMMAND_EXECUTION]: Multiple scripts in the skill (scripts/thumbnail.py, scripts/office/soffice.py, scripts/office/validators/redlining.py) utilize subprocess.run to execute external system tools, including soffice, pdftoppm, git, and gcc.
  • [COMMAND_EXECUTION]: The skill uses npm install -g pptxgenjs and various pip commands to install functional dependencies at runtime.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 03:09 PM