pptx
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The file `ooxml/scripts/pack.py` utilizes `subprocess.run` to invoke the `soffice` (LibreOffice) binary for headless document validation. This is a legitimate utility function necessary for the skill's purpose and does not use shell-based execution, mitigating injection risks.
- [DATA_INGESTION] (LOW): The skill processes external document files (DOCX, PPTX, XLSX), which is an inherent attack surface for indirect prompt injection or malicious file content. However, the implementation uses `defusedxml.minidom` for parsing, which explicitly protects against XML External Entity (XXE) and billion laughs attacks.
- [DATA_EXPOSURE] (SAFE): File operations are restricted to input/output directories provided by the user and temporary directories created via `tempfile.TemporaryDirectory()`. No access to sensitive user credentials or system files (e.g., SSH keys, env files) was detected.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on standard, reputable libraries such as `playwright`, `python-pptx`, and `lxml`. There are no patterns of downloading and executing arbitrary remote scripts (e.g., curl|bash).
Audit Metadata