pptx
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Vulnerability to Indirect Prompt Injection through untrusted data processing. \n
- Ingestion points: The skill is explicitly designed to read data from external PPTX files (
examples/editing-presentations.md), CSV spreadsheets (examples/table-examples.md), and local image directories (examples/image-handling.md). \n - Boundary markers: Absent. The provided code snippets do not implement delimiters or 'ignore' instructions to isolate external content from the agent's core logic. \n
- Capability inventory: The skill allows the agent to read, modify, and write files to the system (
prs.save), providing a vector for persistent or impactful changes based on injected content. \n - Sanitization: Absent. Example code for 'Find and Replace' (
examples/editing-presentations.md) performs direct string substitution without sanitizing inputs, which is a common vector for instruction injection. \n- [EXTERNAL_DOWNLOADS] (LOW): Installation of third-party dependencies. \n - Evidence:
references/library-setup.mdandREADME.mdprovide instructions to installpython-pptx,Pillow,pandas, andmatplotlib. \n - Status: These are well-known, trusted libraries from the Python Package Index. Under [TRUST-SCOPE-RULE], these findings are classified as LOW severity.
Audit Metadata