slides-polish
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of system commands via the Bash tool. It invokes `python3`, `pdftoppm`, `mutool`, `soffice`, `xelatex`, and `latexmk` to process documents. There is a risk of command injection as user-supplied arguments (filenames/paths) are interpolated into shell commands without explicit sanitization instructions.
- [REMOTE_CODE_EXECUTION]: The skill employs dynamic code generation and execution. It instructs the agent to create a Python script (`inspect_pptx.py`) at runtime based on a provided schema and then execute it via the shell. Furthermore, it executes Python code snippets (using `python-pptx`) and LaTeX edits generated by an external model (`mcp__codex__codex`) to modify user files. If the external model's output is compromised, it could lead to arbitrary code execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes untrusted slide content (PPTX, TeX) which is rendered into images and passed to an LLM (Codex) for analysis. Malicious instructions or adversarial text embedded within the slides could influence the layout fixes or Python code generated by the model, potentially leading to unauthorized file modifications.
- [EXTERNAL_DOWNLOADS]: The skill identifies and requires external dependencies including the `python-pptx` library and several system-level utilities (LibreOffice, Poppler, MuPDF, LaTeX suites). While the skill prompts the user for installation rather than performing it silently, these represent an expanded attack surface through third-party software.