ppt-tts-script

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends the installation of an external package via NPM with a confusing name: @anthropic-ai/gemini-cli. As Gemini is a Google product and Anthropic is a different entity, this mismatch is a significant red flag for potential supply chain attacks or malicious package redirection.
  • Evidence found in README.md and scripts/check_deps.py.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell command execution through various methods:
  • scripts/extract_ppt.py uses os.system() to invoke system utilities like which.
  • scripts/check_deps.py uses subprocess.run() to execute commands and check versions.
  • scripts/gemini-task.sh is a shell script wrapper that executes the gemini command with user-supplied arguments, which can be a vector for command injection if inputs are not properly sanitized.
  • [DYNAMIC_EXECUTION]: The script scripts/check_deps.py uses the __import__() function to dynamically load Python modules at runtime. While used for dependency checking, dynamic imports can be used to execute arbitrary code if module names are manipulated.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data from PPTX and PDF files.
  • Ingestion points: Raw text extracted from user-provided presentation files in Step 1 (01_materials/slide-XX.md).
  • Boundary markers: The prompt templates in references/manuscript-generator.md use headers but lack strong delimiters or explicit instructions to the AI to ignore embedded commands within the slide content.
  • Capability inventory: The agent has the ability to execute shell commands (os.system, subprocess) and call external APIs via the Gemini CLI.
  • Sanitization: There is no evidence of sanitization or filtering of the extracted text before it is interpolated into the prompt for script generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 06:42 AM
Security Audit — agent-trust-hub — ppt-tts-script