Skills
skills/bcastelino/agent-skills-kit/pptx-official/Gen Agent Trust Hub

pptx-official

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts ooxml/scripts/pack.py, scripts/thumbnail.py, and ooxml/scripts/validation/redlining.py utilize subprocess.run to call system utilities such as soffice, pdftoppm, and git. These invocations are implemented securely using list-based arguments without shell=True, which effectively prevents command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: Documentation in SKILL.md lists several well-known and reputable third-party dependencies from official registries (NPM and PyPI), including playwright, sharp, pptxgenjs, and python-pptx.
  • [SAFE]: The skill implements secure XML handling by using the defusedxml library in ooxml/scripts/unpack.py and ooxml/scripts/pack.py, protecting the environment against XML External Entity (XXE) and entity expansion attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 03:42 AM
Security Audit — agent-trust-hub — pptx-official