pptx-official

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call system utilities such as soffice (LibreOffice) for document validation, pdftoppm (Poppler) for thumbnail generation, and git for redlining diffs. Arguments are passed as a list and no shell is invoked, so shell metacharacters in file names or other arguments are delivered to the tool as literal data rather than interpreted, which prevents command injection.
  • [EXTERNAL_DOWNLOADS]: Dependencies are retrieved from standard registries (PyPI and npm). The skill uses the playwright library, which downloads browser binaries on installation; this is standard and expected behavior for that library.
  • [SAFE]: The skill consistently uses the defusedxml library for parsing OOXML content, which protects against XML External Entity (XXE) attacks and entity-expansion denial-of-service attacks in untrusted XML.
  • [SAFE]: The unpacking logic in ooxml/scripts/unpack.py includes proactive security checks that refuse to extract symbolic links and ensure every member is written inside the target directory, mitigating ZipSlip (archive path traversal).
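The two code-level checks credited above (list-form subprocess invocation, and archive extraction that refuses symlinks and paths escaping the target directory) are easiest to evaluate against a concrete implementation. The block below is an added example written for this audit page; it is not the skill's own unpack.py or its subprocess wrapper, and the function names, the in-memory test archives, and the Python one-liner standing in for soffice/pdftoppm are all constructed for illustration. It uses only the standard library, so the defusedxml point is described in the comments rather than exercised.

```python
"""Added example (not the skill's code): a ZipSlip/symlink-safe unpacker and
list-form subprocess invocation, the two checks the audit credits the skill with.
"""
import io
import stat
import subprocess
import sys
import tempfile
import zipfile
from pathlib import Path


class UnsafeZipEntry(ValueError):
    """Raised for an archive member that must not be extracted."""


def is_symlink_member(info: zipfile.ZipInfo) -> bool:
    # For archives written on Unix, the file mode lives in the high 16 bits
    # of external_attr; S_IFLNK there marks the member as a symbolic link.
    return stat.S_ISLNK(info.external_attr >> 16)


def safe_extract(archive: zipfile.ZipFile, dest: Path) -> list[Path]:
    """Extract every member under `dest`, refusing symlinks and any member
    whose normalised path would land outside `dest` (ZipSlip)."""
    dest = dest.resolve()
    written: list[Path] = []
    for info in archive.infolist():
        if is_symlink_member(info):
            raise UnsafeZipEntry(f"symlink entry refused: {info.filename}")
        # Joining an absolute member name replaces `dest`, and '..' segments
        # climb out of it; resolve() normalises both so containment can be
        # checked on the final path rather than on the raw string.
        target = (dest / info.filename).resolve()
        if target != dest and dest not in target.parents:
            raise UnsafeZipEntry(f"path escapes target dir: {info.filename}")
        if info.is_dir() or target == dest:
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        with archive.open(info) as src, open(target, "wb") as dst:
            dst.write(src.read())
        written.append(target)
    return written


def run_argv(argv: list[str]) -> str:
    """Run an external tool from an argument vector with no shell involved.
    Nothing parses metacharacters, so a hostile file name is just argv data."""
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout


def echo_arg(filename: str) -> str:
    # Stand-in for a soffice/pdftoppm call (constructed): a Python one-liner
    # that prints argv[1] back unchanged, proving no shell rewrote it.
    return run_argv([sys.executable, "-c",
                     "import sys; print(sys.argv[1], end='')", filename])


def build_zip(entries) -> zipfile.ZipFile:
    """Build an in-memory archive from (name, data, is_symlink) tuples.
    Constructed test data, including deliberately hostile member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, is_link in entries:
            info = zipfile.ZipInfo(name)
            mode = (stat.S_IFLNK | 0o777) if is_link else (stat.S_IFREG | 0o644)
            info.external_attr = mode << 16
            zf.writestr(info, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)


def demo() -> dict:
    """Extract one benign archive and three hostile ones into a fresh temp
    directory; report what was written or why extraction was refused."""
    tmp = Path(tempfile.mkdtemp()).resolve()
    results = {}
    good = build_zip([("ppt/slides/slide1.xml", b"<p:sld/>", False)])
    results["good"] = [p.relative_to(tmp / "good").as_posix()
                       for p in safe_extract(good, tmp / "good")]
    hostile = {
        "traversal": [("../escape.txt", b"x", False)],
        "absolute": [("/tmp/escape.txt", b"x", False)],
        "symlink": [("slide1.xml", b"/etc/passwd", True)],
    }
    for label, entries in hostile.items():
        try:
            safe_extract(build_zip(entries), tmp / label)
            results[label] = "extracted"
        except UnsafeZipEntry:
            results[label] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
    print(repr(echo_arg("deck; rm -rf / #.pptx")))
```

The containment test compares resolved paths rather than checking the member name for "..", which also catches absolute member names and mixed encodings of the same escape; the symlink test reads the mode bits from the central directory, which is the only place a zip records them. Note that this rejects the whole archive on the first bad member, which is the right default for a converter that should never partially unpack untrusted input.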
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 09:18 PM