brand-pptx

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses a local Python engine launcher (scripts/cli.py) to perform document processing tasks. The logic for locating the project root and importing internal modules follows standard plugin development practices.
  • [SAFE]: External dependencies referenced, such as LibreOffice (soffice), Tesseract OCR, and PDF utilities (pdftoppm), are standard tools required for the skill's primary purpose of document rendering and visual verification.
  • [SAFE]: The skill addresses potential indirect prompt injection risks by employing a 'fail-closed' architecture. Model-authored configurations (comprehension.json) are subjected to deterministic validation and membership checks against extracted inventories before being persisted, preventing the injection of arbitrary or off-brand values.
  • [SAFE]: The visual audit workflow ensures transparency by rendering output to PNGs for human/model review, and it uses deterministic pixel proxies to detect rendering defects without relying on unvalidated external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 AM
Security Audit — agent-trust-hub — brand-pptx