pptx-prep
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs local file operations within the project workspace, specifically reading from a user-provided materials/ directory and writing a manifest.yml file. These actions are transparent, restricted to the skill's context, and essential for its stated purpose.
- [SAFE]: Although the skill processes external data (e.g., text and images), which is a common surface for indirect prompt injection, it incorporates multiple human-in-the-loop checkpoints and explicit confirmation steps (Phase 5, 9, 11) that effectively manage this risk.
- [SAFE]: Documentation provides standard shell command examples for installation and for running the validation script (python validate.py). These are standard usage instructions and do not involve autonomous or malicious command execution.
- [SAFE]: The skill instructions allow the agent to use external tools for image search and generation to resolve missing materials. These operations are performed at the user's request as part of the primary workflow and result in local downloads for user review.
Audit Metadata