pptx
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Runtime compilation of C source code detected in scripts/office/soffice.py. The script writes a hardcoded C shim to a temporary file and compiles it into a shared library using gcc.
- [COMMAND_EXECUTION]: Process injection via LD_PRELOAD. The script scripts/office/soffice.py uses the LD_PRELOAD environment variable to force the soffice process to load the custom C shim to intercept system calls (socket, accept, etc.).
- [COMMAND_EXECUTION]: Frequent execution of system utilities including gcc, soffice, pdftoppm, and git via subprocess.run across various helper scripts for document rendering and validation.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified (Category 8). Ingestion point: scripts/office/unpack.py and markitdown read XML content from untrusted user-provided PPTX files. Boundary markers: Absent. Capability inventory: The skill has file system access, zip creation, and command execution capabilities. Sanitization: Uses defusedxml for XML parsing, but lacks natural language content filtering before processing.
Audit Metadata