visual-ppt-deck-builder

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's Node.js scripts utilize subprocesses to perform specialized tasks such as image manipulation and document parsing.
    • Evidence: build_style_candidates.js and design_director_qa.js use spawnSync to execute python3, unzip, sips, and qlmanage for internal processing logic.
  • [EXTERNAL_DOWNLOADS]: The skill relies on third-party libraries for core functionality.
    • Evidence: It depends on the pptxgenjs Node.js package and requires the Pillow (PIL) library for its Python analysis component.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user data to generate presentation content.
    • Ingestion points: User-provided presentation topics and outlines processed in SKILL.md.
    • Boundary markers: Absent in the processing scripts.
    • Capability inventory: Local file write operations and subprocess execution of helper scripts.
    • Sanitization: User input is interpolated into slide content and generation prompts without explicit escaping or sanitization.
  • [SAFE]: Hardcoded local paths (e.g., /Users/dw/...) are present in the scripts as fallbacks for dependency loading, which is documented as a non-malicious best-practice violation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 01:44 AM
Security Audit — agent-trust-hub — visual-ppt-deck-builder