The Agent Skills Directory

[DYNAMIC_EXECUTION]: The module scripts/office/soffice.py performs runtime compilation and library injection. It writes a C source string to a temporary file, compiles it into a shared object using gcc, and then uses the LD_PRELOAD environment variable to load the shim when executing LibreOffice. This is designed to redirect AF_UNIX socket calls to socketpair to bypass environment restrictions.
[COMMAND_EXECUTION]: The skill relies heavily on executing external binary tools via subprocess, including gcc for compilation, soffice for PDF conversion, and pdftoppm for image generation.
[EXTERNAL_DOWNLOADS]: The skill instructions and documentation specify dependencies on several external packages from public registries, including markitdown, pptxgenjs, react-icons, and sharp.
[INDIRECT_PROMPT_INJECTION]: The skill extracts and processes text from untrusted .pptx input files. While it uses defusedxml to prevent XML-based attacks (like XXE), the extracted content enters the agent's context and could contain malicious instructions designed to override agent behavior.
[SAFE]: The skill correctly uses defusedxml for XML parsing tasks, which is a security best practice for handling potentially malicious Office document structures.

pptx