Gen Agent Trust Hub audit: skills/ainergiz/mac-setup-guide/pptx

Skill: pptx

Verdict: Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows security best practices for handling Office Open XML (OOXML) data.
  • Evidence: ooxml/scripts/unpack.py and ooxml/scripts/pack.py parse XML with the defusedxml library, which refuses entity declarations and external references and so mitigates XML External Entity (XXE) attacks from user-supplied documents.
  • Evidence: The XSD schemas needed for validation are vendored in ooxml/schemas/, so validating a document never requires a network fetch of schema definitions.
  • [COMMAND_EXECUTION]: The skill invokes system utilities for document conversion and rendering.
  • Evidence: pack.py and thumbnail.py use the subprocess module to run soffice (LibreOffice) and pdftoppm. The calls pass arguments as a list rather than through a shell, which prevents shell injection via file names, and the invocations are essential to the skill's primary function. As a general caveat, an argument list does not by itself stop the invoked tool from reading a file name that begins with - as an option; passing absolute paths removes that ambiguity.
  • [PROMPT_INJECTION]: The skill processes untrusted third-party documents, which creates an attack surface for indirect prompt injection.
  • Evidence: Document content is ingested through markitdown and scripts/inventory.py. Text embedded in slides can therefore carry instructions aimed at the agent. The skill relies on standard extraction methods and on the agent's underlying safety guardrails to keep document text from being interpreted as commands; extracted text should be handled as data, not as instructions.
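The following is an added example, not the skill's own unpack.py or inventory.py, of the XXE-resistant OOXML handling the SAFE finding describes: slide text is pulled from a .pptx container and every XML part goes through defusedxml before anything else reads it. Names, the minimal slide markup and the two sample decks are constructed here for illustration; the fallback branch for an environment without defusedxml (refusing any part that carries a DOCTYPE) is an assumption of this example, as is the choice to set forbid_dtd=True, which is stricter than defusedxml's default because OOXML parts never legitimately carry a DTD.

```python
"""Added example: extract slide text from a .pptx without letting the XML
layer follow entity or DTD tricks. Not the skill's own unpack.py."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

try:
    from defusedxml import DefusedXmlException
    from defusedxml import ElementTree as DET
    HAVE_DEFUSEDXML = True
except ImportError:  # assumption: fall back to a DOCTYPE refusal if the library is absent
    HAVE_DEFUSEDXML = False

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"


class UnsafeXml(ValueError):
    """A part carried a DTD, an entity declaration or an external reference."""


def parse_part(data: bytes) -> ET.Element:
    """Parse one OOXML part. OOXML parts never legitimately carry a DOCTYPE,
    so DTDs are refused outright (stricter than defusedxml's default, which
    tolerates a DTD but blocks entity declarations and external references)."""
    if HAVE_DEFUSEDXML:
        try:
            return DET.fromstring(data, forbid_dtd=True)
        except DefusedXmlException as exc:
            raise UnsafeXml(str(exc)) from exc
    # Fallback: a plain prolog check in front of the stdlib parser (fails closed).
    if re.search(rb"<!DOCTYPE", data):
        raise UnsafeXml("DOCTYPE is not allowed in an OOXML part")
    return ET.fromstring(data)


def slide_text(pptx_bytes: bytes) -> dict:
    """Map each slide part to the list of <a:t> text runs it contains.
    The returned strings are untrusted data, never instructions."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if name.startswith("ppt/slides/slide") and name.endswith(".xml"):
                root = parse_part(zf.read(name))
                found[name] = [t.text for t in root.iter(f"{{{A_NS}}}t") if t.text]
    return found


def is_rejected(pptx_bytes: bytes) -> bool:
    """True when the XML layer refuses the document."""
    try:
        slide_text(pptx_bytes)
    except UnsafeXml:
        return True
    return False


# Constructed samples: a minimal slide part, and the same part with an XXE payload.
def _slide(body: str, doctype: str = "") -> bytes:
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'{doctype}'
        f'<p:sld xmlns:p="{P_NS}" xmlns:a="{A_NS}"><p:cSld><p:spTree>'
        f'<p:sp><p:txBody>{body}</p:txBody></p:sp>'
        '</p:spTree></p:cSld></p:sld>'
    ).encode()


BENIGN_SLIDE = _slide("<a:p><a:r><a:t>Q3 roadmap</a:t></a:r></a:p>"
                      "<a:p><a:r><a:t>Ship the pptx skill</a:t></a:r></a:p>")
XXE_SLIDE = _slide("<a:p><a:r><a:t>&xxe;</a:t></a:r></a:p>",
                   doctype='<!DOCTYPE p:sld [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>\n')


def build_pptx(slide_xml: bytes) -> bytes:
    """Wrap one slide part in a minimal OOXML zip container (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("ppt/slides/slide1.xml", slide_xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(slide_text(build_pptx(BENIGN_SLIDE)))
    print("XXE slide rejected:", is_rejected(build_pptx(XXE_SLIDE)))
```

The benign deck yields its two text runs; the deck whose slide declares an external entity is rejected before the parser ever sees `&xxe;`, so no local file is read and nothing is sent over the network.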
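The next block is an added example, not the skill's own pack.py or thumbnail.py, of the COMMAND_EXECUTION pattern the audit credits: soffice and pdftoppm invoked through subprocess with an argument list and no shell. It adds the two checks an argument list alone does not give you, a suffix allowlist and work-directory containment with absolute paths so a name such as -deck.pptx cannot be read as an option. The allowlisted suffixes, the work-directory layout and the hostile sample names are assumptions of this example; argv_roundtrip spawns a Python child in place of soffice so the demonstration runs offline without LibreOffice installed.

```python
"""Added example: build and run converter command lines without a shell, plus
the path validation an argument list does not provide. Not the skill's code."""
import json
import shutil
import subprocess
import sys
from pathlib import Path

# Assumption: what the converters should ever be handed.
PRESENTATION_SUFFIXES = {".pptx", ".ppt", ".odp"}


def unsafe_shell_command(path: str) -> str:
    """The pattern the audit says is NOT used: one string for a shell.
    Returned only so the injection is visible; never execute this."""
    return f"soffice --headless --convert-to pdf {path}"


def validated_input(path: str, work_dir: str, allowed=PRESENTATION_SUFFIXES) -> str:
    """Return an absolute path for a converter input, or raise ValueError.
    - suffix allowlist: the converter only sees the file types it exists for
    - containment: the resolved path must live under work_dir (blocks ../)
    - absolute form: '-deck.pptx' becomes '/.../work/-deck.pptx', which no
      tool can mistake for an option
    """
    candidate = Path(path).resolve()
    base = Path(work_dir).resolve()
    if candidate.suffix.lower() not in allowed:
        raise ValueError(f"unsupported input type: {candidate.suffix!r}")
    if base not in candidate.parents:
        raise ValueError(f"{path!r} is outside {work_dir!r}")
    return str(candidate)


def is_valid_input(path: str, work_dir: str, allowed=PRESENTATION_SUFFIXES) -> bool:
    try:
        validated_input(path, work_dir, allowed)
    except ValueError:
        return False
    return True


def soffice_argv(path: str, work_dir: str, out_dir: str) -> list:
    """argv for a headless PDF conversion; each element is exactly one argument,
    nothing is word-split, globbed or interpreted by a shell."""
    return ["soffice", "--headless", "--convert-to", "pdf",
            "--outdir", str(Path(out_dir).resolve()),
            validated_input(path, work_dir)]


def pdftoppm_argv(pdf_path: str, work_dir: str, out_prefix: str) -> list:
    """argv for rendering page 1 of a PDF to PNG with pdftoppm."""
    return ["pdftoppm", "-png", "-r", "72", "-f", "1", "-l", "1",
            validated_input(pdf_path, work_dir, {".pdf"}),
            str(Path(out_prefix).resolve())]


def run(argv: list, timeout: int = 120) -> subprocess.CompletedProcess:
    """Run a converter: no shell, a timeout, output captured rather than inherited."""
    if shutil.which(argv[0]) is None:
        raise FileNotFoundError(f"{argv[0]} is not installed")
    return subprocess.run(argv, check=True, timeout=timeout, capture_output=True)


def argv_roundtrip(name: str) -> list:
    """Prove a hostile name reaches the child as ONE argument: a Python child
    stands in for soffice and reports the argv it received."""
    proc = subprocess.run(
        [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))", name],
        check=True, capture_output=True, text=True, timeout=30)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    hostile = "deck; rm -rf ~ .pptx"          # constructed hostile file name
    print("shell string would be:", unsafe_shell_command(hostile))
    print("child argv receives:  ", argv_roundtrip(hostile))
    print("soffice argv:", soffice_argv("work/-deck.pptx", "work", "work/out"))
    print("traversal accepted?", is_valid_input("work/../secret.pptx", "work"))
```

With the argument list, the child receives the whole hostile name as a single argv entry and the `;` is never a command separator; the resolved absolute path closes the option-injection gap for a leading `-`, and the containment check refuses `../` escapes before any process is spawned.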
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 08:02 AM