powerpoint-automation

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads images from arbitrary user-provided URLs or URLs extracted from web articles in scripts/create_from_template.py and scripts/create_pptx.js. This behavior is aligned with its primary purpose of creating presentations from web sources.
  • [COMMAND_EXECUTION]: Several scripts utilize shell command execution for utility purposes. scripts/pptx-signature.js runs git remote get-url origin to fetch repository metadata for attribution. scripts/resume_workflow.py uses subprocess.run with shell=True to open the final presentation using the system default handler. scripts/extract_parallel.ps1 uses PowerShell jobs to run scripts in parallel.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
      • Ingestion points: Untrusted data enters via scripts/classify_input.py (URL fetching) and scripts/reconstruct_analyzer.py (PPTX parsing).
      • Boundary markers: Data is structured into a content.json Intermediate Representation (IR) following a strict schema.
      • Capability inventory: The skill has the ability to write files (create_from_template.py) and execute shell commands (resume_workflow.py).
      • Sanitization: scripts/validate_content.py performs schema validation and content integrity checks before the generation phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 06:18 AM