Skills
skills/sunbigfly/ppt-agent-skill/ppt-agent/Gen Agent Trust Hub

ppt-agent

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute several shell commands, including pip install, mkdir, and various internal Python scripts like prompt_assembler.py and html_packager.py.
  • [EXTERNAL_DOWNLOADS]: The skill performs runtime installation of external software packages. It specifically instructs the installation of python-pptx, lxml, and Pillow from PyPI, and puppeteer, dom-to-svg, and esbuild from NPM.
  • [REMOTE_CODE_EXECUTION]: The Python scripts html2png.py and html2svg.py execute npm install and node commands to fetch and run remote JavaScript libraries. While these are well-known tools used for browser automation, installing and executing code from external registries at runtime is a potential attack vector.
  • [DYNAMIC_EXECUTION]: The rendering scripts (html2png.py, html2svg.py) generate temporary JavaScript files (.html2png_tmp.js, .dom2svg_tmp.js) containing complex logic and then execute them using Node.js. This dynamic code generation and execution is used to bridge Python logic with Puppeteer-based slide rendering.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 03:02 AM