pptx

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external command-line utilities to handle complex document format conversions and validations.
  • soffice (LibreOffice) is called in scripts/thumbnail.py and ooxml/scripts/pack.py to convert presentations to PDF or validate their structure.
  • pdftoppm is used in scripts/thumbnail.py to generate slide thumbnails from PDF versions of the presentation.
  • git diff is utilized in ooxml/scripts/validation/redlining.py to accurately track and compare text changes across document versions.
  • These executions are strictly for the skill's primary document management purpose and operate on workspace files.
  • [SAFE]: The code follows defensive programming patterns for file and data processing.
  • Secure XML parsing is implemented using defusedxml.minidom in ooxml/scripts/unpack.py and ooxml/scripts/pack.py to mitigate XXE risks.
  • The html2pptx.js script uses Playwright for local HTML rendering with restrictive viewport and navigation settings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — pptx