Skills
skills/ocozyo/docs-to-wiki/pptx-to-md/Gen Agent Trust Hub

pptx-to-md

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Malicious instructions embedded within processed PowerPoint slides (rendered as images) could influence the behavior of the agent or its subagents during the description phase.
  • Ingestion points: Slide images (.png) generated from user-supplied .pptx/.ppsx files in scripts/pptx_to_md.py.
  • Boundary markers: The system lacks explicit delimiters or instructions to ignore potential adversarial content within the slide images.
  • Capability inventory: The agent utilizes Read, Edit, and Agent (subagent spawning) tools to process and incorporate descriptions into the final Markdown file.
  • Sanitization: There is no sanitization or validation of the text generated by the vision capability before it is written to the filesystem.
  • [COMMAND_EXECUTION]: The script scripts/pptx_to_md.py executes the soffice (LibreOffice) command via the subprocess module to perform file conversions. While implemented using a list of arguments (reducing shell injection risk), it relies on an external binary being present and correctly configured on the system.
  • [CREDENTIALS_UNSAFE]: The documentation in SKILL.md and the help text in scripts/pptx_to_md.py encourage users to provide an Anthropic API key via a command-line flag (--api-key). This practice can expose sensitive credentials in shell history, process listings, and logs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 12:06 PM