pitch-deck
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Execution for Validation: The skill uses standard command-line utilities such as `soffice` (LibreOffice) and `pdftoppm` to convert PowerPoint files to images for visual validation. These commands are executed locally to ensure the output matches the intended formatting.
- Data Ingestion Surface: The skill processes external files, including user-provided PowerPoint templates and source data (Excel, CSV, PDF). This provides a surface for potential indirect prompt injection where instructions could be embedded in data files. However, the skill treats these files as data sources for extraction and mapping, which is essential to its primary functionality.
  - Ingestion points: User-supplied PowerPoint templates and source files (Excel, CSV, PDF reports, Word documents) as described in `SKILL.md`.
  - Boundary markers: None explicitly defined to separate data from instructions.
  - Capability inventory: Execution of `soffice` and `pdftoppm` for file conversion.
  - Sanitization: No specific sanitization or filtering of external content is mentioned.
Audit Metadata