pptx
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes external binaries such as `soffice` (LibreOffice), `pdftoppm` (Poppler), and `git` using `subprocess.run` in various Python scripts (`thumbnail.py`, `pack.py`, `redlining.py`). These calls use the list-based argument format, which mitigates command injection risks by avoiding shell execution.
- [EXTERNAL_DOWNLOADS]: The `SKILL.md` file specifies standard installation procedures for well-known dependencies from PyPI and NPM, including `markitdown`, `pptxgenjs`, and `playwright`. These resources are required for the skill's primary functions such as text extraction and HTML rendering.
- [SAFE]: The skill implements secure XML handling using the `defusedxml` library to prevent XML External Entity (XXE) attacks. Additionally, it provides extensive validation logic and XSD schemas to ensure the integrity of Office Open XML files during modification.
Audit Metadata