skills/flora131/atomic/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently invokes local system binaries using the subprocess.run method to perform its core tasks. Evidence includes the execution of soffice (LibreOffice) for converting presentations to PDF and images, pdftoppm for slide image rendering, and git for comparing document changes in redlining validation workflows.
  • [REMOTE_CODE_EXECUTION]: The skill implements a dynamic execution pattern in scripts/office/soffice.py where it writes an embedded C source string to a file, compiles it into a shared object library using gcc, and then loads this library into the soffice process environment via the LD_PRELOAD environment variable. This mechanism facilitates runtime code generation and process injection. Although intended as a technical workaround for restricted environments, such capabilities provide a potential vector for unauthorized code execution if abused.
  • [EXTERNAL_DOWNLOADS]: Documentation and instructions within the skill (SKILL.md, editing.md, pptxgenjs.md) direct the agent to install third-party dependencies from established package registries, specifically markitdown and Pillow from PyPI, and pptxgenjs, react-icons, and sharp from NPM.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8) because it ingests complex XML data from user-provided presentation files and has access to powerful system capabilities.
      • Ingestion points: Slide content processed via markitdown and visual analysis of thumbnails (scripts/thumbnail.py).
      • Boundary markers: Absent; slide content is processed and analyzed without explicit delimiters or instructions to the agent to disregard natural language commands embedded in the data.
      • Capability inventory: The skill can execute local shell commands and perform dynamic library compilation and injection.
      • Sanitization: Absent for natural language content, though XML parsing is hardened using the defusedxml library to mitigate common XML-based attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 10:03 PM