document-skills/pptx

Pass

Audited by Gen Agent Trust Hub on Jun 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill demonstrates defensive design in several areas.
  • [COMMAND_EXECUTION]: The Python scripts utilize the secure list-based API of subprocess.run to invoke system utilities like LibreOffice (soffice), Poppler (pdftoppm), and git. This approach avoids shell interpretation and protects against command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: All external dependencies are well-known, established libraries from official package registries (PyPI and NPM) dedicated to document processing, rendering, and image manipulation. These include playwright, pptxgenjs, markitdown, and python-pptx.
  • [DATA_EXFILTRATION]: Analysis of the source code confirms that file and network operations are strictly limited to the intended functionality of local document conversion and visual auditing. There is no evidence of credential harvesting or unauthorized data transmission.
  • [OBFUSCATION]: The code and instructions are written in plain text with clear intent, and no hidden payloads or encoded commands were discovered during the de-obfuscation scan.
  • [SAFE]: The skill uses defusedxml to mitigate XML External Entity (XXE) attacks when parsing Office Open XML structures, which is a key security standard for document-handling applications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 6, 2026, 02:28 PM
Security Audit — agent-trust-hub — document-skills/pptx