pptx

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external system binaries (soffice, pdftoppm) via subprocess.run to handle document conversion and visual validation. Executing complex parsers on untrusted user-provided files is a standard but high-risk operation. The skill also executes Node.js commands to run agent-generated scripts and uses local extraction commands (tar -xzf).
  • [REMOTE_CODE_EXECUTION]: The workflow requires the AI agent to dynamically generate and execute JavaScript code using pptxgenjs and playwright. This dynamic execution of generated logic represents a powerful capability that requires monitoring.
  • [PROMPT_INJECTION]: The skill contains explicit behavioral overrides, such as instructing the agent to ignore standard resource-limiting behaviors (e.g., 'NEVER set any range limits'). It also lacks sanitization or boundary markers for text ingested from user presentations, which provides a vector for indirect prompt injection.
  • [EXTERNAL_DOWNLOADS]: The skill relies on a wide array of external dependencies including LibreOffice, Poppler, Playwright, and various Python/Node.js libraries. It correctly uses defusedxml for secure XML processing, mitigating some XML-based risks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 09:25 AM