skills/ian-pascoe/dotfiles/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation and process injection. It writes a C source shim to a temporary directory and compiles it using gcc into a shared object library. This library is then injected into the soffice process environment using LD_PRELOAD to modify socket-level behavior.
  • [COMMAND_EXECUTION]: The skill invokes several external command-line utilities to process files, including soffice (LibreOffice), pdftoppm (Poppler), and git. These are used for converting presentations to PDF, generating slide thumbnails, and calculating document diffs.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection through the ingestion of external PPTX files.
      • Ingestion points: XML content from presentation files is read and processed in scripts/office/unpack.py, scripts/office/pack.py, and scripts/thumbnail.py.
      • Boundary markers: Absent. No specific delimiters or instructions are provided to the agent to distinguish between data content and control instructions within the XML files.
      • Capability inventory: The skill has significant capabilities including runtime compilation (gcc), file system modifications (pack.py), and execution of complex CLI tools.
      • Sanitization: Security best practices are partially followed using defusedxml in several scripts to mitigate XXE attacks, although some components like scripts/office/validators/redlining.py use the standard xml.etree.ElementTree library, which is vulnerable to entity-based attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 03:30 AM