pptx
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Runtime code generation and process injection. The script 'scripts/office/soffice.py' contains an embedded C source string that is written to a temporary file and compiled into a shared library with 'gcc' at runtime. It then uses the 'LD_PRELOAD' environment variable to load this library into the 'soffice' process in order to bypass socket restrictions. This is a high-risk dynamic execution pattern: code that is compiled and loaded at runtime is not visible to static review of the shipped scripts.
- [COMMAND_EXECUTION]: System binary execution. The skill frequently uses the 'subprocess' module to execute external binaries including 'soffice', 'pdftoppm', 'gcc', and 'git'. These calls occur in 'scripts/thumbnail.py', 'scripts/office/soffice.py', and 'scripts/office/validators/redlining.py'.
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill ingests data from external PowerPoint files, which could contain malicious instructions designed to influence the agent's behavior. Evidence:
  1. Ingestion points: 'scripts/office/unpack.py' and 'scripts/thumbnail.py' read and process untrusted slide content.
  2. Boundary markers: Absent. Slide content is extracted and processed without delimiters or instructions to ignore embedded commands.
  3. Capability inventory: The skill has extensive capabilities, including system command execution and file system manipulation.
  4. Sanitization: While 'defusedxml' is used to mitigate XML-based attacks, there is no logic to sanitize or escape the actual text content of the slides.
- [PROMPT_INJECTION]: Deceptive authorship metadata. The 'LICENSE.txt' file claims copyright for Anthropic, PBC, which conflicts with the provided author attribution to 'qdbin'. This inconsistency could lead a reviewer to misjudge the skill's origin and safety profile.
Audit Metadata