pptx
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted PowerPoint (.pptx) files and extracting their text content for analysis. \n
- Ingestion points: Presentation files are ingested via
markitdown(referenced inSKILL.md),scripts/inventory.pyusing thepython-pptxlibrary, andooxml/scripts/unpack.pyusingzipfile. \n - Boundary markers: Absent. There are no explicit instructions for the agent to ignore potentially malicious embedded text during the extraction or analysis process. \n
- Capability inventory: The skill possesses significant capabilities including shell command execution via
subprocess.run(callingsofficeandpdftoppminscripts/thumbnail.pyandooxml/scripts/pack.py) and browser automation via Node.js/Playwright (scripts/html2pptx.js). \n - Sanitization: The skill correctly uses
defusedxmlinooxml/scripts/unpack.pyandooxml/scripts/pack.pyto prevent XML External Entity (XXE) attacks, which is a defensive best practice. However, it does not sanitize the extracted natural language content for potential prompt injection patterns.
Audit Metadata