pptx

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute system utilities such as soffice (LibreOffice) for PDF conversion, pdftoppm for image generation, and git for document diffing. These operations are restricted to the local environment and are essential for the skill's stated purpose of manipulating and analyzing presentation files. No shell injection vectors were identified as arguments are passed as lists to the subprocess handler.
  • [EXTERNAL_DOWNLOADS]: The skill references standard, well-known packages from official registries, including playwright, sharp, and pptxgenjs from NPM, and markitdown and defusedxml from PyPI. These are legitimate dependencies for document processing, rendering, and secure XML parsing. The instructions to install system packages like libreoffice and poppler-utils via sudo are standard for the required conversion functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 06:33 PM
Security Audit — agent-trust-hub — pptx