pptx
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]:
- Workflow Directives: The skill documentation in 'SKILL.md' directs the agent to read entire files without range limits. This is a technical requirement for complex data processing rather than an attempt to override safety constraints.
- Indirect Injection Surface: The skill parses user-supplied PPTX files in 'scripts/inventory.py' and 'ooxml/scripts/unpack.py'. Malicious text or metadata within these files could attempt to influence the agent's logic. This surface is common in document analysis skills and is mitigated by the structural nature of the processing.
- Boundary Markers: The skill does not implement explicit delimiters or 'ignore embedded instructions' warnings when processing extracted text, which increases the surface for indirect prompt injection.
- [COMMAND_EXECUTION]:
- Local Tool Invocation: The skill executes 'soffice' (LibreOffice), 'pdftoppm' (Poppler), and 'git' via subprocesses in 'scripts/thumbnail.py' and 'ooxml/scripts/validation/redlining.py'. These tools are used for document conversion and validation within the local workspace.
- Dynamic Rendering: The 'scripts/html2pptx.js' component uses Playwright to launch a Chromium instance for rendering HTML content into slides. This execution is confined to local file paths and is essential for the skill's rendering capabilities.
- [EXTERNAL_DOWNLOADS]:
- Dependency Management: The skill relies on well-known, established packages from official registries, including 'python-pptx', 'defusedxml', 'pptxgenjs', and 'playwright'. These are documented as standard requirements for the presentation workflow.
Audit Metadata