pptx
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill script scripts/office/soffice.py dynamically generates C code and executes the gcc compiler at runtime to create a shared library. It then uses the LD_PRELOAD environment variable to inject this library into the soffice process, which overrides standard system calls.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using subprocess.run across several scripts, including system binaries like soffice, pdftoppm, and git for document processing and validation tasks.
- [EXTERNAL_DOWNLOADS]: Documentation in pptxgenjs.md guides the agent to fetch and embed images from arbitrary external URLs into presentation slides, exposing the agent to external network content.
Audit Metadata