pptx
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/office/soffice.pydynamically writes C source code to a temporary file and compiles it usinggccinto a shared library at runtime. This library is then injected into thesofficeprocess using theLD_PRELOADenvironment variable to intercept and simulate Unix socket system calls (socket,listen,accept). This approach bypasses system-level socket restrictions but introduces high-risk dynamic execution behavior and binary interception. - [PROMPT_INJECTION]: The skill extracts content from untrusted
.pptxfiles for processing by the agent, creating a surface for indirect prompt injection. * Ingestion points: PowerPoint slide text is extracted using themarkitdowntool as described inSKILL.md. * Boundary markers: No delimiters or behavioral instructions are used to distinguish untrusted slide content from agent instructions in the extraction flow. * Capability inventory: Arbitrary command execution viagcc,soffice, andnodeprocesses, along with broad file system access. * Sanitization: No input filtering or content sanitization is applied to extracted text before it enters the agent's context. - [EXTERNAL_DOWNLOADS]: The skill depends on well-known packages from established organizations, including Microsoft's
markitdownand the widely usedpptxgenjs,Pillow, andreact-iconslibraries. These are established tools and are treated as safe sources.
Audit Metadata