skills/phuryn/skills/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to execute various system commands. scripts/thumbnail.py runs soffice and pdftoppm for rendering slide previews. scripts/office/validators/redlining.py runs git to generate content diffs. scripts/office/soffice.py runs gcc to compile a shared library.
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs dynamic code generation and process injection. It writes a C source string to a temporary location, compiles it into a shared object using gcc, and uses the LD_PRELOAD environment variable to inject this library into the LibreOffice process. This technique shims socket-related system calls to bypass environment restrictions.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted PowerPoint documents.
  • Ingestion points: .pptx files are parsed using markitdown and processed by system conversion tools in scripts/thumbnail.py and documented workflows.
  • Boundary markers: None are implemented in the scripts to isolate untrusted data from instructions.
  • Capability inventory: The skill possesses extensive capabilities including arbitrary system command execution, file system write access, and runtime code compilation.
  • Sanitization: Extracted content is not explicitly sanitized before being utilized in subsequent automated operations.
  • [EXTERNAL_DOWNLOADS]: The skill references and installs well-known document processing libraries such as markitdown, pptxgenjs, and defusedxml. These are sourced from official package registries and established repositories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 11:50 AM
Security Audit — agent-trust-hub — pptx