pptx

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Dynamic Execution (HIGH): The script scripts/office/soffice.py generates C source code at runtime, compiles it using gcc, and injects the resulting shared library into the soffice (LibreOffice) process using the LD_PRELOAD environment variable. This allows for low-level process manipulation and arbitrary code execution.
  • Command Execution (MEDIUM): Multiple scripts utilize the subprocess module to execute external binaries including gcc, soffice, pdftoppm, and git. While these are used for document processing and validation, they increase the attack surface if external inputs are not strictly validated.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted PPTX files, which could contain malicious instructions meant to influence the agent's behavior during analysis or visual inspection.
      • Ingestion points: External .pptx files processed by scripts/office/unpack.py.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded content were found in the processing scripts.
      • Capability inventory: The skill has the ability to write to the filesystem, execute system commands (subprocess.run), and compile/inject code.
      • Sanitization: The skill correctly uses defusedxml to mitigate XML-based attacks (XXE) in most processing files, though standard xml.etree.ElementTree is used in some validation scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 07:12 AM