pptx
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/office/soffice.py contains logic to dynamically generate C source code, compile it into a shared library using gcc, and then inject it into the soffice process using the LD_PRELOAD environment variable. This is intended to enable LibreOffice functionality in restricted networking environments.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Untrusted data enters the agent context via presentation.pptx (SKILL.md) and template.pptx (editing.md) processed by markitdown and unpack.py. While defusedxml is used to mitigate XML-based attacks during parsing, there are no explicit boundary markers or sanitization procedures for natural language content. The skill's capability inventory includes subprocess execution of soffice, pdftoppm, and git across scripts/office/soffice.py and scripts/thumbnail.py, as well as file writing capabilities in pack.py and unpack.py.
Audit Metadata