document-skills/pptx
Pass
Audited by Gen Agent Trust Hub on Jun 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill demonstrates defensive design in several areas.
- [COMMAND_EXECUTION]: The Python scripts utilize the secure list-based API of
subprocess.runto invoke system utilities like LibreOffice (soffice), Poppler (pdftoppm), andgit. This approach avoids shell interpretation and protects against command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: All external dependencies are well-known, established libraries from official package registries (PyPI and NPM) dedicated to document processing, rendering, and image manipulation. These include
playwright,pptxgenjs,markitdown, andpython-pptx. - [DATA_EXFILTRATION]: Analysis of the source code confirms that file and network operations are strictly limited to the intended functionality of local document conversion and visual auditing. There is no evidence of credential harvesting or unauthorized data transmission.
- [OBFUSCATION]: The code and instructions are written in plain text with clear intent, and no hidden payloads or encoded commands were discovered during the de-obfuscation scan.
- [SAFE]: The skill uses
defusedxmlto mitigate XML External Entity (XXE) attacks when parsing Office Open XML structures, which is a key security standard for document-handling applications.
Audit Metadata