pptx

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run() to execute system utilities for document manipulation and comparison.
      • soffice is utilized in ooxml/scripts/pack.py and scripts/thumbnail.py for document validation and conversion tasks.
      • pdftoppm is used in scripts/thumbnail.py to convert PDF slides into images.
      • git diff is used in ooxml/scripts/validation/redlining.py to perform word-level comparisons of document text content.
  • [PROMPT_INJECTION]: The skill ingests external data from presentation and HTML files, creating an indirect prompt injection surface where malicious instructions could be embedded in the content being processed.
      • scripts/inventory.py extracts slide text directly into the agent's context.
      • scripts/html2pptx.js renders HTML templates using Playwright to extract layout and positioning data.
  • [SAFE]: The skill demonstrates secure coding practices by using the defusedxml library in unpack.py and pack.py to prevent XML-based attacks such as XML External Entity (XXE) exploitation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 01:43 PM