pptx

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill unpacks and processes arbitrary user-supplied presentation and HTML files (e.g., ooxml/scripts/unpack.py, html2pptx.js, scripts/inventory.py and scripts/thumbnail.py) and explicitly extracts/reads their text and XML, so it ingests untrusted user-generated third-party content that the agent is expected to read and interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs installing system packages using sudo (e.g., "sudo apt-get install libreoffice" and "sudo apt-get install poppler-utils") and global package installs that may require elevated privileges, which encourages changing the machine state and obtaining sudo rights.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 11:39 AM