pptx
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A thorough audit across all ten threat categories revealed no indicators of malicious intent, credential theft, or unauthorized data exfiltration. The skill follows established patterns for Office document manipulation.
- [COMMAND_EXECUTION]: The skill uses subprocess calls to execute local utilities like LibreOffice (soffice) for PDF conversion and Poppler (pdftoppm) for image generation. These operations are strictly related to the skill's core functionality of presentation processing and visual analysis.
- [EXTERNAL_DOWNLOADS]: Dependencies such as playwright, pptxgenjs, and markitdown are sourced from official package registries (NPM and PyPI). These are treated as safe well-known services under the analysis guidelines.
- [PROMPT_INJECTION]: While the skill ingests user-provided PPTX files, which constitutes a potential surface for indirect prompt injection, it utilizes robust parsing methods and security-focused libraries like defusedxml to sanitize structural input. The skill's internal instructions are consistent with its stated purpose and do not attempt to bypass safety guardrails.
Audit Metadata