Skills
skills/arcanexis/alice-single/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted document content.
  • Ingestion points: ooxml/scripts/unpack.py and scripts/rearrange.py read and extract data from external Office files.
  • Boundary markers: Absent. The scripts operate directly on document structures without delimiting content for an AI agent.
  • Capability inventory: ooxml/scripts/pack.py invokes soffice (LibreOffice) via subprocess.run to perform document conversions.
  • Sanitization: defusedxml is correctly implemented in unpack.py and pack.py to prevent XML External Entity (XXE) vulnerabilities during parsing.
  • [COMMAND_EXECUTION] (SAFE): ooxml/scripts/pack.py uses subprocess.run with a list of arguments to execute LibreOffice, which avoids shell injection vulnerabilities.
  • [DATA_EXFILTRATION] (SAFE): No network operations or hardcoded credentials were detected; the skill performs all processing on the local file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:34 PM