pptx
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Deceptive metadata is present in the
LICENSE.txtfile, which claims the skill is copyrighted by Anthropic, PBC, despite the author being 'Azeem-2'. This potentially misleads users regarding the skill's trust level. The skill also facilitates indirect prompt injection by processing untrusted HTML (scripts/html2pptx.js) and PPTX data (scripts/inventory.py) without sanitization or boundary markers. Capability inventory includes shell execution (soffice,git) and file writes. - [COMMAND_EXECUTION]: The skill invokes system binaries like
soffice,pdftoppm, andgitfor document processing viasubprocess.run. Furthermore,ooxml/scripts/unpack.pyuseszipfile.extractall()without member validation, creating a path traversal vulnerability (Zip Slip) if the agent processes a malicious presentation file. - [EXTERNAL_DOWNLOADS]: Documentation instructs users to install standard dependencies including
markitdown,playwright, andpptxgenjsfrom official package registries. - [SAFE]: Secure XML parsing is implemented using the
defusedxmllibrary inpack.pyandunpack.pyto mitigate XXE risks.
Audit Metadata