skills/4444j99/a-i--skills/pptx/Gen Agent Trust Hub

pptx

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The utility script ooxml/scripts/unpack.py utilizes zipfile.extractall() without performing path validation on the archive's contents. This implementation is vulnerable to 'ZipSlip' attacks, where a malicious PPTX file could contain files with path traversal sequences (e.g., ../../.ssh/authorized_keys) to overwrite sensitive files on the host system.
  • [COMMAND_EXECUTION]: The scripts ooxml/scripts/pack.py and scripts/thumbnail.py use subprocess.run to execute binary tools such as soffice and pdftoppm. While these calls do not use a shell, they pass unvalidated filenames derived from potentially untrusted inputs, which could lead to argument injection or unintended system interactions.
  • [COMMAND_EXECUTION]: The scripts/html2pptx.js tool uses Playwright to launch a Chromium browser for rendering HTML slides. This involves executing a complex, dynamic environment to process local files, which could be exploited if the HTML content is crafted to access local resources or trigger browser-level vulnerabilities.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection (Category 8). It ingests untrusted data from PPTX and HTML files and instructs the agent to read the full content of these files without restriction. This allows an attacker to embed malicious instructions within a presentation that could manipulate the agent's behavior during analysis or modification.
    ◦ Ingestion points: scripts/inventory.py, ooxml/scripts/unpack.py, scripts/html2pptx.js (parsing slide content and HTML templates).
    ◦ Boundary markers: Absent. The instructions specifically mandate reading the entire file contents without using safe delimiters or ignore-instructions markers.
    ◦ Capability inventory: Arbitrary file write via ZIP extraction (unpack.py), shell command execution (pack.py, thumbnail.py), and dynamic browser rendering (html2pptx.js).
    ◦ Sanitization: Insufficient. Path traversal checks are missing in ZIP extraction, and HTML rendering lacks content security policies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 10:10 PM