Skills
skills/cam10001110101/claude-skills-base/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The main skill documentation directs the agent to generate a custom JavaScript file and execute it via the node runtime to handle presentation conversion tasks.
  • [COMMAND_EXECUTION]: Several Python scripts in the skill (pack.py, thumbnail.py, redlining.py) use the subprocess module to execute external system commands including soffice, pdftoppm, and git.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a global npm package from a local archive (html2pptx.tgz) whose contents are not visible for inspection, representing an unverifiable dependency.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection. * Ingestion points: Untrusted text data enters the context via markitdown extraction and inventory.py JSON output. * Boundary markers: Absent; the skill explicitly instructs the agent to read the extracted content entirely without range limits. * Capability inventory: The agent can execute shell commands and node scripts, and perform file-system operations. * Sanitization: No sanitization or escaping of extracted text content is performed before presentation to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 07:44 PM