fsi-fa-ppt-template-creator
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python code snippets intended for execution by the agent to analyze local PowerPoint templates. It utilizes the
python-pptxlibrary to programmatically inspect slide layouts, placeholders, and object coordinates. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted user-provided files (.pptx) and extracts metadata to generate a new skill.
- Ingestion points: User-provided .pptx or .potx files processed in the 'Analyze Template' step.
- Boundary markers: None identified for data extracted from the template during analysis.
- Capability inventory: Python execution for file analysis and file system write access to create the new skill folder and SKILL.md file.
- Sanitization: None identified; the skill extracts labels and structural data directly from the binary file formats without validation against malicious instructions.
Audit Metadata