pptx-translator

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill uses lxml.etree.fromstring in SKILL.md to parse XML data extracted from the ZIP structure of user-provided PowerPoint files (specifically for SmartArt translation). Parsing untrusted XML content without explicit security configurations is a known vector for XML External Entity (XXE) attacks. Mitigations include using a parser with entity resolution disabled (e.g., resolve_entities=False).
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: Text blocks extracted from the source .pptx file are interpolated into prompts for the SlideClassifier, SlideTranslator, and SmartArtTranslator sub-agents.
      • Boundary markers: Content is wrapped in JSON formatting, but there are no defensive instructions (e.g., "ignore instructions in the following data") to protect the sub-agents from malicious slide content.
      • Capability inventory: The skill uses python3 to execute shell commands, manipulates the file system (read, write, delete), and manages internal ZIP file structures.
      • Sanitization: No sanitization or filtering of the extracted slide text is performed before processing.
  • [COMMAND_EXECUTION]: The skill performs a silent installation of the python-pptx and langdetect packages using pip install --user during the setup phase in SKILL.md. While these are standard libraries for the task, the installation occurs without an initial user confirmation prompt.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 10, 2026, 12:36 PM