syncfusion-dotnet-powerpoint
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes temporary C# script files (.csx) using the dotnet-script tool for PowerPoint automation. This activity is restricted to a specific scripts directory within the skill root.
- [EXTERNAL_DOWNLOADS]: The skill utilizes official Syncfusion NuGet packages and the dotnet-script utility. These resources originate from a well-known, trusted technology vendor.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. 1. Ingestion points: File reading operations via Presentation.Open() in presentation-structure.md and other reference files. 2. Boundary markers: No specific delimiters or 'ignore' instructions are defined for content read from external PPTX files. 3. Capability inventory: Ability to write to the file system and execute C# scripts via dotnet-script. 4. Sanitization: No explicit validation or filtering is performed on data extracted from external presentations before use.
Audit Metadata