skills/elsahafy/skills/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess.run and os.system patterns to execute external tools. Evidence includes:
      • scripts/office/soffice.py: Executes gcc to compile a C shim.
      • scripts/office/soffice.py: Executes soffice (LibreOffice) with custom environment variables.
      • scripts/thumbnail.py: Executes soffice and pdftoppm (Poppler) to generate slide images.
      • scripts/office/validators/redlining.py: Executes git to generate diffs for document validation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from .pptx and .docx files.
      • Ingestion points: scripts/office/unpack.py extracts XML content from user-provided Office documents, which is then read by the agent.
      • Boundary markers: None detected in the script logic to separate untrusted document content from instructions.
      • Capability inventory: The skill has significant capabilities, including arbitrary file writes (pack.py, unpack.py), network access (via PptxGenJS documentation), and system command execution (soffice.py).
      • Sanitization: The skill correctly uses defusedxml to parse XML, which mitigates XML External Entity (XXE) attacks, but does not sanitize natural language content that might influence the agent's logic.
  • [COMMAND_EXECUTION]: scripts/office/soffice.py contains a hardcoded C source string that is written to a temporary file and compiled at runtime using gcc to produce a shared object (.so). This is a dynamic compilation pattern.
  • [COMMAND_EXECUTION]: scripts/office/soffice.py employs the LD_PRELOAD environment variable to perform process injection, loading the dynamically compiled C shim into the soffice process to bypass AF_UNIX socket restrictions.
  • [EXTERNAL_DOWNLOADS]: Guidelines in pptxgenjs.md provide examples for fetching images from remote URLs (e.g., https://example.com/image.jpg) during presentation generation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 4, 2026, 12:42 AM