Skills
skills/wizeline/sdlc-agents/editing-pptx-files/Gen Agent Trust Hub

editing-pptx-files

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation of C code using gcc and utilizes LD_PRELOAD to inject the library into the soffice process. This is a powerful mechanism used to shim system-level calls for restricted environments.
  • [COMMAND_EXECUTION]: Multiple components, including scripts/thumbnail.py and scripts/office/validators/redlining.py, execute system binaries such as soffice, pdftoppm, and git via subprocess.run during normal operation.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from .pptx files. Extracted content is provided to the agent and subagents without explicit boundary markers or instructions to ignore embedded commands, presenting a surface for indirect prompt injection (Category 8).
  • [DATA_EXFILTRATION]: In scripts/office/validators/redlining.py, the xml.etree.ElementTree library is used to parse XML from untrusted inputs without explicit protection against XML External Entity (XXE) attacks, which could lead to unauthorized file exposure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 10:23 AM