brand-pptx
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a local Python engine launcher (scripts/cli.py) to perform document processing tasks. The logic for locating the project root and importing internal modules follows standard plugin development practices.
- [SAFE]: External dependencies referenced, such as LibreOffice (soffice), Tesseract OCR, and PDF utilities (pdftoppm), are standard tools required for the skill's primary purpose of document rendering and visual verification.
- [SAFE]: The skill addresses potential indirect prompt injection risks by employing a 'fail-closed' architecture. Model-authored configurations (comprehension.json) are subjected to deterministic validation and membership checks against extracted inventories before being persisted, preventing the injection of arbitrary or off-brand values.
- [SAFE]: The visual audit workflow ensures transparency by rendering output to PNGs for human/model review, and it uses deterministic pixel proxies to detect rendering defects without relying on unvalidated external inputs.
Audit Metadata