pptx
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script
scripts/office/soffice.pycontains a hardcoded C source string (_SHIM_SOURCE) that is written to a temporary file and compiled into a shared object (lo_socket_shim.so) at runtime usinggcc. - [PRIVILEGE_ESCALATION]: The skill uses
LD_PRELOADto inject the dynamically compiled C library into thesofficeprocess. This technique is used to bypass system-level restrictions onAF_UNIXsockets in restricted or sandboxed environments, which constitutes a deliberate escalation of process capabilities beyond environment defaults. - [COMMAND_EXECUTION]: The skill utilizes several subprocess calls to manage document processing, including
gccfor compilation,sofficefor PDF conversion, andpdftoppmfor image extraction. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: User-provided
.pptxfiles are ingested into the agent context via themarkitdownlibrary as specified inSKILL.md. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the extracted presentation text.
- Capability inventory: The skill has significant capabilities including subprocess execution (
gcc,soffice,pdftoppm) and file system write access (pack.py,add_slide.py). - Sanitization: No sanitization or filtering logic is present for the text extracted from slide decks.
- [METADATA_POISONING]: The skill exhibits conflicting metadata; while the YAML frontmatter claims authorship by
eigent-aiand a proprietary license, theLICENSE.txtfile contains an Anthropic copyright and standard license terms, which may lead to confusion regarding the provenance and safety of the code.
Audit Metadata