pptx-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses the 'python-pptx' library, which is a standard and trusted package for PowerPoint generation. The dependency is pinned to version 1.0.2 in the script metadata, ensuring version integrity. No remote script execution or unverifiable package installations were found.
- [Indirect Prompt Injection] (SAFE): The skill processes user-provided content to populate slides. While this creates a potential surface for indirect injection, the risk is negligible as the skill's capabilities are confined to document generation and local file writing within the agent's sandbox.
  - Ingestion points: User input for slide titles, headlines, and captions in all cookbook scripts.
  - Boundary markers: The scripts use explicit 'REPLACE' placeholders as markers for the agent to substitute content.
  - Capability inventory: The skill can create PPTX files and read local image files if a path is provided to the image-caption template.
  - Sanitization: No sanitization is performed on the input strings, which is typical for document generation templates.
- [Dynamic Execution] (SAFE): The skill operates by having the agent populate Python templates and execute them locally. This 'script generation and execution' pattern is the primary purpose of the skill and is handled using static templates and safe library calls.
Audit Metadata