universal-pptx-generator
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is designed to parse untrusted external data (PPTX templates, DOCX, and PDF files), which creates an indirect prompt injection surface. [Ingestion points]: README.md specifies that the skill analyzes slide XML and extracts content from user-provided documents. [Boundary markers]: Absent; the documentation does not mention instructions to the agent to isolate or ignore instructions embedded in those documents. [Capability inventory]: The skill description implies file system read/write and script execution capabilities via Node.js and Python. [Sanitization]: No sanitization or validation of input document content is described.
- EXTERNAL_DOWNLOADS (LOW): The installation guide recommends cloning the skill from an untrusted GitHub repository (github.com/ajaxhe/universal-pptx-generator-skill.git) which is not within the trusted scope.
- NO_CODE (SAFE): The submission consists only of documentation and a license; the primary logic in SKILL.md and supporting scripts were not provided for analysis.
Audit Metadata