pptx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The script 'scripts/office/soffice.py' contains an embedded C source string that is written to a temporary file and compiled with gcc at runtime. The resulting shared library is injected into the 'soffice' process using the LD_PRELOAD environment variable to shim socket system calls. Although this is a high-risk process injection technique typically rated as HIGH, the severity is adjusted to MEDIUM because it is used as a technical workaround for the skill's primary functionality in restricted environments.
- Indirect Prompt Injection (LOW): The skill is designed to extract text from user-provided .pptx files, creating a surface for indirect prompt injection. [Ingestion points]: Text extraction from PowerPoint files via 'markitdown' and 'unpack.py'. [Boundary markers]: None identified. [Capability inventory]: Execution of shell commands (LibreOffice, pdftoppm), file system access, and subagent invocation. [Sanitization]: Extracted text is passed to the agent without sanitization or filtering.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill utilizes external packages such as 'markitdown' and 'pptxgenjs' installed through standard package managers (pip and npm).
- Command Execution (SAFE): Subprocess calls to system utilities like 'soffice' and 'pdftoppm' are used for legitimate file conversion and rendering tasks.
Audit Metadata