pptx-to-md

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/pptx_to_md.py invokes the soffice (LibreOffice) binary to convert presentation files to PDF. This command is executed via subprocess.run with a list of arguments, which is a safe practice against shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill uses the official Anthropic Python SDK to transmit slide images to the Claude Vision API for content analysis. This is a well-known service and the operation is central to the skill's documented functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from PowerPoint slides through a Vision LLM. Malicious instructions embedded within a slide could influence the generated Markdown description, though the impact is limited to the content of the output file.
  • [SAFE]: The skill utilizes temporary directories for processing intermediate files and includes a --max-slides parameter to prevent excessive API usage, demonstrating standard safety considerations for this type of tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 05:53 AM