html-to-ppt
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns were detected. The skill provides legitimate functionality for document conversion using established tools.
- [COMMAND_EXECUTION]: The Python integration uses
subprocess.runwith a list of arguments to invoke the Marp CLI. This implementation follows security best practices and prevents shell injection by avoiding the use of a shell for command execution. - [EXTERNAL_DOWNLOADS]: The skill references the official
@marp-team/marp-clipackage from npm and the Homebrew registry. These are well-known and trusted sources for the required conversion utility. - [PROMPT_INJECTION]: The skill processes user-provided Markdown content for conversion. While this creates a surface for indirect prompt injection (where malicious content in the source Markdown could attempt to influence the presentation output), the risk is low and inherent to the tool's primary purpose. Mandatory Evidence Chain: 1. Ingestion point:
md_contentparameter inmarkdown_to_pptxfunction. 2. Boundary markers: None. 3. Capability inventory: Local file generation via themarpcommand. 4. Sanitization: None.
Audit Metadata