NYC

pptx

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Category: COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to process external Office documents, creating an attack surface where malicious files can influence the system. Mandatory Evidence Chain:
      1. Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py extract zip contents from user-provided files.
      2. Boundary markers: None present.
      3. Capability inventory: zipfile.extractall in unpack.py and docx.py, subprocess.run (calling soffice) in pack.py, and prs.save in rearrange.py.
      4. Sanitization: Uses defusedxml for XML parsing to mitigate XXE, but lacks path validation for zip extraction.
  • [Privilege Escalation] (MEDIUM): The use of zipfile.extractall() in both ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py without path validation is vulnerable to the Zip Slip attack. A crafted Office document could contain filenames with path traversal segments (e.g., ../../target) to overwrite arbitrary files on the filesystem, potentially leading to privilege escalation or remote command execution if system configuration or executable files are targeted.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:19 AM