wan-pptx-generator

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the user to run the Python script scripts/pptx-generator.py to interact with the DashScope API and manage file operations.
  • [DATA_EXFILTRATION]: The skill reads user-provided documents or text and transmits them to Alibaba Cloud's DashScope API (dashscope.aliyuncs.com) for processing. This transmission is a core feature of the skill and targets a well-known service provider.
  • [EXTERNAL_DOWNLOADS]: The generator script automatically downloads generated image assets and the completed PowerPoint presentation from the service provider's delivery URLs using standard library functions.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it incorporates external document content into the model's processing context.
      1. Ingestion points: File reading through the --file or --content arguments in scripts/pptx-generator.py.
      2. Boundary markers: Absent; document content is passed directly to the model as part of the prompt.
      3. Capability inventory: The script has capabilities for file system access and network communication to Aliyun.
      4. Sanitization: No validation or filtering is performed on the content of the input files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 06:27 AM