frontend-slides
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts to process PowerPoint files and uses the system `open` command to launch the generated HTML presentations in a browser.
- [EXTERNAL_DOWNLOADS]: Requires the installation of the `python-pptx` library from the standard Python Package Index (PyPI) to support the conversion functionality.
- [DATA_EXPOSURE]: The skill is designed to read local PowerPoint (.ppt, .pptx) files to extract text and images for conversion into web-based slides. This behavior is transparent and aligned with the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION]: As the skill processes untrusted external data (PowerPoint files), it has an inherent surface for indirect prompt injection.
  - Ingestion points: Data enters via the `python-pptx` extraction logic in `SKILL.md` (Phase 4).
  - Boundary markers: The skill implements a manual confirmation step (Phase 4.2) where it presents extracted content to the user before proceeding.
  - Capability inventory: The skill performs file writes (HTML/Assets) and shell execution (Python/Open) as described in `SKILL.md`.
  - Sanitization: There is no explicit sanitization of extracted text, but the human-review checkpoint serves as a primary mitigation.
Audit Metadata