ppt-agent
Pass
Audited by Gen Agent Trust Hub on Jun 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automatically manages its execution environment by installing necessary Node.js packages such as 'puppeteer' and 'dom-to-svg' from the NPM registry using the 'npm install' command. It also utilizes 'npx' to dynamically fetch and run 'esbuild' for asset bundling.
- [COMMAND_EXECUTION]: Several scripts in the skill's toolset, including 'scripts/subagent_logger.py' and 'scripts/html2png.py', utilize the 'subprocess' module to execute system commands. Specifically, 'subagent_logger.py' provides a generic interface for sub-agents to execute CLI tools and capture their output for logging and auditing purposes.
- [PROMPT_INJECTION]: Prompt templates used by the skill (found in 'references/prompts/') contain 'CRITICAL OVERRIDE' headers and instructions designed to define sub-agent roles and enforce context isolation, such as directives that explicitly forbid sub-agents from accessing the primary 'SKILL.md' instruction file.
Audit Metadata