pptx
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses scripts/office/soffice.py to compile an embedded C source string at runtime using gcc. The resulting shared library is used with LD_PRELOAD to inject into the soffice process, subverting environment-level restrictions on AF_UNIX sockets.
- [EXTERNAL_DOWNLOADS]: Generation workflows defined in pptxgenjs.md support downloading image assets from arbitrary remote URLs.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8).
  1. Ingestion point: scripts/office/unpack.py parses user-provided .pptx files.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill performs high-risk subprocess calls across several files, including scripts/office/soffice.py (gcc) and scripts/thumbnail.py (pdftoppm).
  4. Sanitization: There is no sanitization or escaping of extracted slide text, though defusedxml is correctly used for XML processing.
Audit Metadata