Skills
skills/bytedance/deer-flow/ppt-generation/Gen Agent Trust Hub

ppt-generation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The script processes untrusted data from a JSON configuration and image files to generate a presentation, creating a surface for injection.
  • Ingestion points: plan_file (JSON) and slide_images (image files) in scripts/generate.py.
  • Boundary markers: None; data from the JSON is directly interpolated into the presentation.
  • Capability inventory: File system write access via prs.save() and read access via json.load() and Image.open().
  • Sanitization: No validation of JSON structure or string content is performed.
  • [Data Exposure & Exfiltration] (LOW): The script accepts arbitrary file paths for reading and writing operations. If the calling agent does not enforce path sandboxing, this could be used to read sensitive files (by passing them as image paths) or overwrite critical configuration files (via the output_file argument).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:35 PM