pptx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly unpacks and reads arbitrary .pptx files supplied at runtime (e.g., via python ooxml/scripts/unpack.py <office_file>, template.pptx, working.pptx, and by reading template-content.md / text-inventory.json) so it ingests untrusted, user-provided presentation content that the agent must interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs installing system packages using sudo (e.g., "sudo apt-get install libreoffice" and poppler-utils) and global package installs, which require elevated privileges and modify the machine's state.