pptx
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the processing of complex external files.
- Ingestion points: Reads and extracts content from user-provided PowerPoint (.pptx) files using
ooxml/scripts/unpack.pyand processes HTML content for slide generation inscripts/html2pptx.js. - Boundary markers: Absent when document content is extracted and presented to the agent for editing or analysis.
- Capability inventory: The skill has permission to use the
Bashtool and performs multiple system calls viasubprocess.run, providing an exploitation path if malicious instructions are processed. - Sanitization: While
defusedxmlis used for XML parsing, the zip extraction logic inooxml/scripts/unpack.pyandooxml/scripts/validation/base.pyuseszipfile.extractall()without member validation, making the environment susceptible to Zip Slip (arbitrary file write) attacks. - [COMMAND_EXECUTION]: The skill executes various system utilities to perform document conversion and validation tasks.
- Evidence: Uses
subprocess.runto invokesoffice(LibreOffice) for PDF/HTML conversion,pdftoppm(Poppler) for thumbnail creation, andgit difffor change validation inooxml/scripts/pack.py,scripts/thumbnail.py, andooxml/scripts/validation/redlining.py.
Audit Metadata