pptx
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill extracts and processes text content from user-supplied PowerPoint presentations and HTML slides. A maliciously crafted presentation could contain embedded instructions intended to influence or override the agent's behavior.
- Ingestion points: Presentation text content via markitdown and scripts/inventory.py; HTML slide content via scripts/html2pptx.js.
- Boundary markers: Absent. The skill does not provide instructions to the agent to treat extracted content as untrusted or use specific delimiters.
- Capability inventory: Execution of system utilities (soffice, pdftoppm, git) via subprocess.run in scripts/thumbnail.py, ooxml/scripts/pack.py, and ooxml/scripts/validation/redlining.py; file system access across all management scripts.
- Sanitization: Absent. Text is processed exactly as extracted from the source files.
- [COMMAND_EXECUTION]: Legitimate use of system utilities for document processing. Several scripts (thumbnail.py, pack.py, redlining.py) use subprocess.run to invoke external tools for conversion, validation, and comparison.
- scripts/thumbnail.py and ooxml/scripts/pack.py invoke LibreOffice (soffice) for PDF conversion and document validation.
- scripts/thumbnail.py invokes Poppler's pdftoppm utility for slide image generation.
- ooxml/scripts/validation/redlining.py invokes git to perform word-level differences for tracked changes validation.
- These subprocess calls use list-based arguments, mitigating the risk of shell command injection.
Audit Metadata