Skills
skills/hhx465453939/claude_skill_pool/frontend-slides/Gen Agent Trust Hub

frontend-slides

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script scripts/extract-pptx.py to extract content from PowerPoint files and uses the system open command to display generated presentations.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of standard Python packages python-pptx and Pillow from official registries to support file extraction and image processing.
  • [PROMPT_INJECTION]: The skill processes external content from PowerPoint files, which creates an attack surface for indirect prompt injection.
  • Ingestion points: PowerPoint file content is extracted using the extract-pptx.py script in Phase 4.
  • Boundary markers: No explicit markers or instructions are provided to isolate extracted text from the agent's internal instructions.
  • Capability inventory: The skill allows the agent to execute shell commands, install packages, and write files to the local system.
  • Sanitization: The extracted content is used to populate slide templates without specific filtering for malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 11:11 AM
Security Audit — agent-trust-hub — frontend-slides