pptx
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Dynamic Execution] (HIGH): The file `scripts/office/soffice.py` contains a complete C source code string (`_SHIM_SOURCE`). At runtime, it writes this code to a temporary file, compiles it using `gcc -shared -fPIC`, and then executes LibreOffice (`soffice`) with the `LD_PRELOAD` environment variable pointing to the resulting shared library. While intended for compatibility (bypassing socket restrictions in sandboxes), runtime compilation and library injection are high-risk behaviors.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): `SKILL.md` requires the installation of several external packages from public registries (`markitdown`, `pptxgenjs`, `Pillow`) and system utilities (`LibreOffice`, `Poppler`). These are executed with agent permissions without source verification.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user-provided PowerPoint files and uses subagents to analyze rendered slide images, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: `presentation.pptx` (via `markitdown` extraction and `thumbnail.py` rendering).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the subagent prompts defined in `SKILL.md`.
  - Capability inventory: Extensive subprocess capabilities including `soffice`, `pdftoppm`, and `gcc` (via `soffice.py`).
  - Sanitization: No sanitization of extracted slide text or rendered visual content is performed before analysis.
Recommendations
- AI detected serious security threats
Audit Metadata