pptx

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs runtime compilation of an embedded C shim to ensure compatibility in restricted or sandboxed environments.
      • File: scripts/office/soffice.py
      • Evidence: The script contains a hardcoded C source string (_SHIM_SOURCE) which it writes to a temporary file and compiles using gcc -shared -fPIC. The resulting shared object is then injected into the soffice process environment using the LD_PRELOAD variable to intercept socket calls.
  • [COMMAND_EXECUTION]: The skill executes external system utilities to render slides and perform diffing operations.
      • Files: scripts/thumbnail.py, scripts/office/validators/redlining.py
      • Evidence: Uses subprocess.run to call soffice (LibreOffice), pdftoppm (Poppler), and git diff.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several external dependencies from public registries.
      • File: SKILL.md
      • Evidence: Recommends installing markitdown, Pillow, and pptxgenjs. Additional Node.js packages like react-icons and sharp are also mentioned in the documentation.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from PowerPoint files, creating a surface for indirect prompt injection.
      • Ingestion points: SKILL.md, scripts/office/unpack.py (processing user-provided .pptx files).
      • Boundary markers: Absent; text extracted from presentations is processed by the agent without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: Subprocess execution (gcc, soffice, git) and file system access across all scripts.
      • Sanitization: While the skill uses defusedxml for secure XML parsing, it lacks sanitization or escaping for the natural language content extracted from slide text boxes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 7, 2026, 06:21 PM