Skills
skills/sentry01/copilot-cli-skills/powerpoint-toolkit/Gen Agent Trust Hub

powerpoint-toolkit

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/thumbnails.py file executes external system utilities soffice and pdftoppm via subprocess.run to generate visual previews of slides.
  • [COMMAND_EXECUTION]: The scripts/setup_deps.py script manages environment setup by installing well-known dependencies including python-pptx, Pillow, and pyyaml.
  • [EXTERNAL_DOWNLOADS]: Documentation in references/design-and-creation.md includes code snippets that demonstrate downloading remote images using urllib.request.urlretrieve.
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerabilities exist because the skill extracts and interprets text from external PowerPoint files which may contain adversarial instructions.
  • Ingestion points: scripts/extract_text.py, scripts/inspect_pptx.py, and scripts/analyze_pptx.py ingest slide text, tables, and speaker notes.
  • Boundary markers: None; the skill does not use delimiters or provide instructions to the agent to ignore content within the extracted data.
  • Capability inventory: File system modification, execution of system binaries, and network access (via examples).
  • Sanitization: No sanitization or filtering of the extracted slide content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 02:08 PM