powerpoint

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The references/ooxml/scripts/pack.py script executes the soffice (LibreOffice) binary via subprocess.run to validate document integrity. The execution is constrained to a headless conversion process with arguments derived from trusted logic (file extensions), posing no significant security risk.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from user-provided Office documents and HTML templates.
    • Ingestion points: Untrusted data enters the agent context through references/ooxml/scripts/unpack.py and scripts/rearrange.py during document parsing.
    • Boundary markers: The instructions in SKILL.md lack explicit delimiters or 'ignore embedded instructions' warnings for content found within the slides or documents.
    • Capability inventory: The skill has the ability to execute subprocesses (soffice) and perform file system operations (write/delete) across multiple scripts.
    • Sanitization: While the skill correctly uses defusedxml to protect against XML External Entity (XXE) attacks, it does not sanitize the semantic content of the documents, which could contain malicious instructions designed to influence the agent's behavior during auditing or manipulation tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:48 PM