pptx-export-for-ppt-as-code

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Deceptive metadata poisoning in agents/openai.yaml.
    • The short_description and default_prompt in the YAML interface claim the skill supports "editable-or-raster hybrid" output and uses "editable PPT content".
    • This directly contradicts the "Mandatory Rules" in SKILL.md and the instructions in references/rendering-rules.md, which explicitly state that the skill supports "raster PPTX export only" and forbid native PowerPoint reconstruction.
    • This discrepancy is a form of metadata poisoning that could cause an agent or user to misjudge the skill's capabilities or safety boundaries.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection via untrusted data processing.
    • Ingestion points: The skill ingests index.html, deck_manifest.json, and local files in assets/ to generate the presentation.
    • Boundary markers: No instructions or delimiters are defined to prevent the agent from obeying instructions embedded within the index.html or deck_manifest.json files during the export process.
    • Capability inventory: The skill performs file system reads, interacts with a browser environment to render HTML and capture screenshots, and writes to the file system (output.pptx).
    • Sanitization: The skill performs structural validation on the JSON manifest but lacks any sanitization or filtering of the HTML content that is rendered and captured.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 7, 2026, 02:43 AM