pptx
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto execute system utilities such assoffice(LibreOffice) for PDF conversion,pdftoppmfor image generation, andgitfor document diffing. These operations are restricted to the local environment and are essential for the skill's stated purpose of manipulating and analyzing presentation files. No shell injection vectors were identified as arguments are passed as lists to the subprocess handler. - [EXTERNAL_DOWNLOADS]: The skill references standard, well-known packages from official registries, including
playwright,sharp, andpptxgenjsfrom NPM, andmarkitdownanddefusedxmlfrom PyPI. These are legitimate dependencies for document processing, rendering, and secure XML parsing. The instructions to install system packages likelibreofficeandpoppler-utilsviasudoare standard for the required conversion functionality.
Audit Metadata