pptx
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection as it is designed to process and render untrusted content from external HTML and PPTX files using powerful execution environments.
- Ingestion points: Untrusted data enters the agent context through
scripts/html2pptx.js(reading HTML files) and through Python scripts such asinventory.pyandreplace.py(processing PPTX files). - Boundary markers: The skill does not implement explicit boundary markers or "ignore embedded instructions" warnings when processing the text content of slides or HTML templates.
- Capability inventory: The skill has access to a headless browser (
playwright), file system write operations, and several command-line tools executed via subprocesses includingsoffice(LibreOffice),pdftoppm, andgit(inpack.py,thumbnail.py, andredlining.py). - Sanitization: While the skill correctly uses
defusedxmlto mitigate XML-based attacks during parsing, it does not fully sanitize interpolated text content against nested natural language instructions that might influence the agent's behavior during analysis.
Audit Metadata