pptx
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
compile.jsscript dynamically loads and executes JavaScript modules from theslides/directory using therequire()function. These modules are generated by the agent during the slide creation process. - [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands for installing dependencies (
pip install,npm install) and for running the slide compilation script (node compile.js). - [PROMPT_INJECTION]: The skill processes untrusted external data from user-provided PowerPoint files during reading and editing workflows. \n
- Ingestion points: Reading and editing
.pptxfiles usingmarkitdownand XML manipulation. \n - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from executing instructions embedded within the slide content. \n
- Capability inventory: The skill allows for file system writes, execution of Node.js scripts, and potential network access through image fetching. \n
- Sanitization: The documentation recommends the use of
defusedxmlto protect against XML External Entity (XXE) vulnerabilities during template editing. - [EXTERNAL_DOWNLOADS]: The skill uses the
pptxgenjslibrary which supports fetching images from remote URLs, presenting a potential vector for unauthorized network requests.
Audit Metadata