pptx

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Runtime compilation and shared library injection.
    • The script scripts/office/soffice.py contains a hardcoded C source string that is written to a temporary file and compiled at runtime using gcc.
    • The resulting shared object library (lo_socket_shim.so) is then injected into the execution context of LibreOffice via the LD_PRELOAD environment variable. This is a high-risk execution pattern capable of intercepting and modifying system calls.
  • [COMMAND_EXECUTION]: Arbitrary subprocess execution for utility functions.
    • The skill frequently invokes external binaries, including soffice, pdftoppm, gcc, and git, through subprocess.run calls.
    • In scripts/office/validators/redlining.py, the skill calls git diff to compare text content extracted from different versions of Word documents, exposing the environment to command-line risks if paths are not properly sanitized.
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection.
    • Ingestion points: Untrusted data enters the agent context through text extraction from slides via markitdown and through visual analysis of rendered thumbnails and slide images.
    • Boundary markers: The instructions provided to the agent and subagents do not define clear delimiters or 'ignore' instructions for content parsed from user-provided files.
    • Capability inventory: The skill possesses powerful capabilities such as arbitrary command execution and file system modification (e.g., scripts/clean.py unlinks files and scripts/add_slide.py writes XML content).
    • Sanitization: There is no evidence of sanitization or escaping of extracted slide text before it is interpolated into agent prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 08:10 AM