pptx-to-html
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements security-conscious file handling by normalizing paths and removing parent directory references (e.g., '..') when resolving internal components within PowerPoint archives, which prevents path traversal vulnerabilities.
- [EXTERNAL_DOWNLOADS]: Generated HTML presentations include references to the Chart.js library via a public CDN. This is a common and legitimate practice for enabling data visualization in standalone HTML files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface typical of document processing tools, where text extracted from untrusted PPTX files could influence the agent's interpretation of the output.
  - Ingestion points: Text content is parsed from slide XML, including SmartArt nodes and chart labels in 'scripts/smartart_parser.py' and 'scripts/chart_extractor.py'.
  - Boundary markers: The conversion output does not currently employ specific boundary delimiters or safety instructions to distinguish extracted slide text from system-level guidance.
  - Capability inventory: The skill is authorized to perform filesystem writes for output generation and can include external network references in the resulting HTML.
  - Sanitization: Content is sanitized using HTML escaping in the SmartArt module, although the chart extraction module uses standard JSON serialization for embedding data into scripts.