pptx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill performs runtime compilation and library injection for sandbox compatibility.
- File:
scripts/office/soffice.py - Evidence: The script writes a C source string to a temporary file, compiles it using
gcc, and then setsLD_PRELOADto load the resulting shared object into thesofficeprocess. - Context: This shim is designed to facilitate interaction with LibreOffice in environments where AF_UNIX sockets are blocked. Per the instruction, the severity is dropped one level as it is essential for the skill's primary function.
- PROMPT_INJECTION (LOW): The skill processes untrusted PPTX files, creating an indirect prompt injection surface.
- Ingestion points: Data enters the agent context includes XML and text content parsed from user-provided
.pptxfiles viascripts/office/unpack.pyandscripts/thumbnail.py. - Boundary markers: Absent. The skill does not use delimiters or instructions to treat extracted content as non-executable data.
- Capability inventory: Execution of subprocesses (
soffice,pdftoppm,gcc), file system manipulation, and XML reconstruction. - Sanitization: The skill follows security best practices by using
defusedxmlto protect against XML-based vulnerabilities (XXE).
Audit Metadata