skills/nextlevelbuilder/goclaw/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes system-level binaries for processing PowerPoint files into visual formats.
  • Evidence: In scripts/thumbnail.py, the script invokes soffice and pdftoppm via subprocess.run to convert presentations to PDF and then to JPG thumbnails. These calls use argument arrays rather than shell strings, preventing typical command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill requires several standard development dependencies from public registries.
  • Evidence: Documentation in SKILL.md and pptxgenjs.md lists installations for markitdown (a Microsoft tool), Pillow, pptxgenjs, react-icons, react, react-dom, and sharp. These are well-established, well-known packages used for the skill's primary purpose.
  • [SAFE]: The skill demonstrates a security-first approach to parsing office document content.
  • Evidence: The scripts scripts/clean.py and scripts/thumbnail.py utilize the defusedxml library for XML processing, which mitigates risks associated with XML External Entity (XXE) and billion laughs attacks when handling untrusted .pptx files.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 06:33 AM