The Agent Skills Directory

[COMMAND_EXECUTION]: The skill performs dynamic code generation and system-level injection to handle process communication in restricted environments.\n
Evidence: The file scripts/office/soffice.py embeds C source code that is written to disk, compiled via gcc, and then loaded into the soffice process using LD_PRELOAD. This intercepts and redirects standard socket calls.\n- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8) through its visual inspection features.\n
Ingestion points: Processes untrusted text and layouts from .pptx files using scripts/thumbnail.py and markitdown.\n
Boundary markers: The instructions for the Visual QA subagent in SKILL.md lack delimiters to separate user data from instructions.\n
Capability inventory: The skill can execute arbitrary commands (subprocess) and manipulate the file system (unlink, rmtree) via scripts like scripts/clean.py and scripts/office/pack.py.\n
Sanitization: No sanitization is applied to the data extracted from presentation files before it is used in subagent prompts.

pptx