anthropics-pptx

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py contains logic to compile a C source string (_SHIM_SOURCE) at runtime using gcc. The resulting shared object (lo_socket_shim.so) is injected into the soffice process via the LD_PRELOAD environment variable to intercept and shim AF_UNIX socket system calls (socket, listen, accept, close). This pattern is used to bypass socket restrictions in sandboxed execution environments.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several third-party dependencies during setup as documented in SKILL.md and pptxgenjs.md, including the markitdown Python package and the pptxgenjs Node.js library, along with their respective ecosystems (Pillow, react-icons, sharp).
  • [COMMAND_EXECUTION]: The skill utilizes several scripts that spawn subprocesses to interact with system tools:
      • scripts/office/soffice.py: Executes gcc for shim compilation and soffice for document conversion.
      • scripts/thumbnail.py: Spawns soffice and Poppler's pdftoppm to generate slide images.
      • scripts/office/validators/redlining.py: Uses git diff to perform text comparison for tracked changes.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided .pptx files, which constitutes a surface for indirect prompt injection attacks.
      • Ingestion points: Text extraction is performed in SKILL.md using markitdown and raw XML unpacking.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded content are applied to extracted text in the extraction commands.
      • Capability inventory: The skill has extensive capabilities including subprocess spawning (gcc, soffice, pdftoppm, git), file system manipulation (zipfile, Path.unlink, shutil), and runtime code injection (LD_PRELOAD).
      • Sanitization: XML processing in scripts/office/unpack.py and scripts/office/pack.py uses the defusedxml library to prevent XML External Entity (XXE) vulnerabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 08:19 AM