pptx
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py dynamically generates C source code at runtime, writes it to a temporary file, and compiles it into a shared library using gcc. This library is then injected into the LibreOffice process via the LD_PRELOAD environment variable to hook system calls such as socket, listen, and accept.
- [COMMAND_EXECUTION]: The skill frequently executes external system binaries using subprocess.run, including gcc for compilation, soffice for document conversion, pdftoppm for image rendering, and git for generating text diffs.
- [PROMPT_INJECTION]: The skill's primary workflow involves reading and extracting content from untrusted .pptx files using markitdown and unpack.py. The ingestion of this untrusted content, which is then processed by the agent or subagents to replace placeholders, creates a surface for indirect prompt injection as documented in editing.md and SKILL.md.
Recommendations
- AI detected serious security threats
Audit Metadata