lx-ppt
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
lxcommand-line interface to perform operations such as generating, modifying, and deleting PPT pages. These are standard functional calls to the vendor's provided tooling. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data (user-provided context, planning descriptions, and external reports) which is then passed as arguments to AI-driven commands (
lx ppt generate-ppt). This is an inherent risk of the functionality but no malicious exploitation patterns were found in the static code. - Ingestion points: Data enters through the
--context,--planning, and--deep-research-report-urlparameters inSKILL.mdandreferences/ppt.md. - Boundary markers: None explicitly defined to separate user data from instructions in the command arguments.
- Capability inventory: Subprocess execution of
lxCLI commands across all operational scripts. - Sanitization: No explicit sanitization or escaping of input data is defined within the skill instructions.
Audit Metadata