pptx
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the system subprocess module to invoke 'soffice' (LibreOffice) and 'pdftoppm' (Poppler) for converting presentations to PDF and generating image thumbnails. These operations are limited to these specific tools and are essential for the skill's visual validation and conversion features.
- [EXTERNAL_DOWNLOADS]: The skill documentation specifies dependencies on standard packages such as 'playwright' for HTML rendering, 'sharp' for image processing, and 'markitdown' for text extraction. These are industry-standard tools retrieved from official registries for their specific tasks.
- [SAFE]: Security best practices are implemented through the use of the 'defusedxml' library for XML parsing across the Python scripts. This effectively mitigates common XML-based vulnerabilities such as XML External Entity (XXE) and entity expansion attacks when processing Office Open XML content.
Audit Metadata