Pptx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the
defusedxmllibrary for secure XML parsing in its Python scripts, effectively preventing XML External Entity (XXE) vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill utilizes reputable external libraries including Playwright, Sharp, and PptxGenJS for rendering HTML and processing images. These are standard dependencies for this type of document utility.
- [COMMAND_EXECUTION]: Local system utilities such as LibreOffice (
soffice) and Poppler (pdftoppm) are invoked via subprocesses to perform legitimate document conversion and thumbnail generation. - [PROMPT_INJECTION]: While the skill processes user-provided .pptx and .html files, which represents an indirect prompt injection surface, it does not possess any unique vulnerabilities that would escalate this beyond the inherent risk of processing complex document formats.
- [SAFE]: The skill reads a local configuration file (
~/.claude/PAI/SKILL.md) to establish the 'PAI' context. This is an intended architectural feature for personalizing the agent's behavior within its environment.
Audit Metadata