pptx
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
subprocessmodule to execute various system commands.scripts/thumbnail.pyrunssofficeandpdftoppmfor rendering slide previews.scripts/office/validators/redlining.pyrunsgitto generate content diffs.scripts/office/soffice.pyrunsgccto compile a shared library. - [REMOTE_CODE_EXECUTION]: The script
scripts/office/soffice.pyperforms dynamic code generation and process injection. It writes a C source string to a temporary location, compiles it into a shared object usinggcc, and uses theLD_PRELOADenvironment variable to inject this library into the LibreOffice process. This technique shims socket-related system calls to bypass environment restrictions. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted PowerPoint documents.
- Ingestion points: .pptx files are parsed using
markitdownand processed by system conversion tools inscripts/thumbnail.pyand documented workflows. - Boundary markers: None are implemented in the scripts to isolate untrusted data from instructions.
- Capability inventory: The skill possesses extensive capabilities including arbitrary system command execution, file system write access, and runtime code compilation.
- Sanitization: Extracted content is not explicitly sanitized before being utilized in subsequent automated operations.
- [EXTERNAL_DOWNLOADS]: The skill references and installs well-known document processing libraries such as
markitdown,pptxgenjs, anddefusedxml. These are sourced from official package registries and established repositories.
Audit Metadata