skills/dalehurley/phpbot/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/office/soffice.py implements a process injection mechanism. It writes an embedded C source string to a temporary file, compiles it into a shared object using gcc, and then injects it into the soffice (LibreOffice) process via the LD_PRELOAD environment variable. This is intended to bypass AF_UNIX socket restrictions in restricted environments but represents a high-risk technical pattern.
  • [EXTERNAL_DOWNLOADS]: The skill documentation in SKILL.md and pptxgenjs.md requires the installation of various third-party dependencies from public registries, including pptxgenjs (npm), markitdown (pip), and several UI-related libraries (react, react-icons, sharp).
  • [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection surface (Category 8). It ingests untrusted data from user-provided .pptx files (ingestion point: SKILL.md) and provides the agent with powerful capabilities like subprocess execution and file system access (capability inventory: soffice.py, add_slide.py). The skill lacks explicit sanitization or boundary markers to prevent the agent from obeying instructions embedded within processed presentation content.
  • [SAFE]: The skill correctly mitigates XML-based vulnerabilities by using the defusedxml library instead of standard xml.etree for all parsing operations in unpack.py, clean.py, and thumbnail.py. This is an industry-standard protection against XML External Entity (XXE) attacks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 07:31 AM