pptx
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'soffice' and 'pdftoppm' for document conversion and thumbnail generation. These operations are essential for the skill's functionality and include safety constraints.
- [EXTERNAL_DOWNLOADS]: The skill uses well-known packages from trusted organizations, including python-pptx, markitdown, and playwright. These are handled securely according to established standards.
- [PROMPT_INJECTION]: The skill extracts text from PowerPoint files, which creates a surface for indirect prompt injection. However, the use of secure parsers and the nature of the utility as a document tool make this surface standard for its domain. Evidence chain:
  1. Ingestion via scripts/inventory.py.
  2. No boundary markers.
  3. Capabilities include file writing and conversion.
  4. Sanitization via defusedxml.
Audit Metadata