Skills
skills/dedalus-erp-pas/foundation-skills/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill extracts text content from external PowerPoint files, which creates a surface for indirect prompt injection where malicious instructions could be embedded in slides.\n
  • Ingestion points: Slide content is read via scripts/inventory.py and the markitdown package.\n
  • Boundary markers: No explicit boundary markers or warnings to ignore embedded commands are implemented during text extraction.\n
  • Capability inventory: The skill has access to system utilities (soffice, pdftoppm, git) and a headless browser (playwright) for slide rendering.\n
  • Sanitization: XML parsing is secured using defusedxml to prevent external entity injection (XXE) attacks.\n- [COMMAND_EXECUTION]: The skill invokes external command-line tools to support presentation processing and validation.\n
  • Evidence: ooxml/scripts/pack.py and scripts/thumbnail.py call soffice (LibreOffice) for PDF conversion and document validation.\n
  • Evidence: scripts/thumbnail.py calls pdftoppm to generate slide thumbnail images.\n
  • Evidence: ooxml/scripts/redlining.py executes git diff to compare and validate document revisions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 02:37 AM