powerpoint-automation
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Several components of the pipeline, including the Python scripts
create_from_template.pyandresume_workflow.py, utilize subprocess calls to interact with the local environment. These interactions are limited to operational tasks such as retrieving repository metadata via Git, executing internal pipeline utilities, and launching the final PowerPoint application. - [EXTERNAL_DOWNLOADS]: The skill contains logic in
extract_images.pyandcreate_from_template.pyto download image assets from external URLs. This functionality is intended to allow the inclusion of visual content from source articles into the generated slides and does not involve the execution of untrusted remote scripts. - [PROMPT_INJECTION]: The skill's primary workflow involves processing external web content for slide generation, which serves as a potential ingestion point for indirect prompt injection. However, the analysis found no evidence of instructions that attempt to override AI constraints or disregard system protocols.
Audit Metadata