pptx
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from external PowerPoint (.pptx) files and templates, creating a surface for indirect prompt injection where instructions embedded in a document could influence the agent's behavior.
- Ingestion points: Office Open XML files (slide XMLs, notes, and comments) are unpacked and read by the agent via scripts/inventory.py and ooxml/scripts/unpack.py.
- Boundary markers: Absent; the skill does not explicitly instruct the agent to use delimiters or ignore instructions found within the PowerPoint data.
- Capability inventory: The skill can execute shell commands via the subprocess module (soffice, pdftoppm, git) and has file write access to the workspace.
- Sanitization: The skill utilizes the defusedxml library in ooxml/scripts/unpack.py and ooxml/scripts/pack.py to securely handle XML parsing and mitigate XML-based attacks.
- [COMMAND_EXECUTION]: Several utility scripts use the subprocess module to call system binaries for document conversion, validation, and comparison.
- soffice (LibreOffice) is executed in ooxml/scripts/pack.py and scripts/thumbnail.py for format conversion and visual validation.
- pdftoppm is used in scripts/thumbnail.py to generate slide images from PDF intermediates.
- git is used in ooxml/scripts/validation/redlining.py to perform character-level differences between document versions.
- [EXTERNAL_DOWNLOADS]: The skill documentation directs the user to install several packages from official registries to support its functionality.
- Python packages including markitdown and defusedxml are installed via pip.
- Node.js packages including pptxgenjs, playwright, and sharp are installed via npm.
- System utilities including libreoffice and poppler-utils are installed via the apt package manager.
Audit Metadata