pptx
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]:\n
- Misleading Metadata: The LICENSE.txt file claims copyright by "Anthropic, PBC", which is deceptive as the author is identified as Dedalus-ERP-PAS. This impersonation may lead users to misjudge the skill's origin and safety.\n
- Overriding Instructions: SKILL.md contains forceful instructions ("MANDATORY
- READ ENTIRE FILE", "NEVER set any range limits") intended to override default agent behavior regarding file reading and context management.\n
- Indirect Prompt Injection Surface: The skill ingests untrusted content from PowerPoint files and renders HTML slides via a headless browser. Ingestion occurs in scripts/inventory.py, scripts/replace.py, and scripts/html2pptx.js. No explicit boundary markers are used to separate untrusted data from instructions. Capabilities include file system writes and subprocess execution of system utilities like LibreOffice. Sanitization is partially addressed by using the defusedxml library in ooxml/scripts/unpack.py.\n- [COMMAND_EXECUTION]:\n
- ooxml/scripts/pack.py and scripts/thumbnail.py execute the "soffice" binary (LibreOffice) via subprocess calls to perform document conversions.\n
- scripts/thumbnail.py executes the "pdftoppm" utility to convert PDF files to images.\n
- ooxml/scripts/validation/redlining.py executes "git" diff commands to perform text comparisons during document validation.\n- [EXTERNAL_DOWNLOADS]:\n
- The documentation lists several required external dependencies including python-pptx, defusedxml, markitdown, playwright, pptxgenjs, and sharp.
Audit Metadata