skills/mattjefferson/agents/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: Runtime compilation and process injection in scripts/office/soffice.py. The script generates C code and compiles it at runtime using gcc to create a shared object. This object is then used via LD_PRELOAD to intercept and redirect socket-related system calls for the soffice process, which is a high-risk pattern used to bypass environment restrictions.
  • [COMMAND_EXECUTION]: Use of subprocess.run to execute system binaries. The skill executes soffice, pdftoppm, and git to handle file conversion, visual processing, and document comparison tasks.
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection via processed PowerPoint files. Ingestion points: Untrusted .pptx files are parsed using markitdown as recommended in the editing workflow. Boundary markers: None; extracted text is not enclosed in delimiters or accompanied by instructions to ignore embedded commands. Capability inventory: Includes runtime compilation, process injection, extensive file system write access, and potential network requests. Sanitization: None; external content is processed without escaping or validation before being presented to the agent.
  • [EXTERNAL_DOWNLOADS]: Fetching of external assets and installation of dependencies. SKILL.md requires installing packages from npm and pip registries. The pptxgenjs module documentation also specifies capabilities to download images from arbitrary external URLs during the slide creation process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 04:43 PM