The Agent Skills Directory

[COMMAND_EXECUTION]: The skill performs advanced system-level operations to support its functionality.
Runtime Compilation and Injection: scripts/office/soffice.py contains logic to compile a C source file (lo_socket_shim.c) into a shared library (lo_socket_shim.so) using gcc at runtime. The resulting binary is then injected into subsequent process calls using the LD_PRELOAD environment variable to shim network socket calls.
Command Spawning: Multiple scripts execute system commands via subprocess.run, including soffice and pdftoppm in scripts/thumbnail.py and git diff in scripts/office/validators/redlining.py.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from untrusted external files.
Ingestion points: scripts/office/unpack.py extracts XML content, and markitdown (referenced in SKILL.md) extracts text from input .pptx files.
Boundary markers: Absent. Slide content is extracted and processed by the agent or subagents without clear delimiters or instructions to ignore embedded commands.
Capability inventory: The skill possesses significant capabilities, including runtime compilation, shell command execution, and file system write access.
Sanitization: No explicit sanitization or filtering of extracted presentation content is implemented before it is processed by the AI.
[EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing third-party dependencies from public registries.
Package Installation: SKILL.md and pptxgenjs.md recommend installing packages from NPM (pptxgenjs, react-icons, sharp) and system package managers (libreoffice, poppler). These references point to established, well-known software tools and services.

pptx