Skills
skills/fivetaku/claude-office-skills/deck-refresh/Gen Agent Trust Hub

deck-refresh

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell command (python3 -c "import pptx" 2/dev/null || python3 -m pip install python-pptx) to ensure that the required library is available in the environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the python-pptx package from the official Python Package Index (PyPI). This is a well-known library and its installation is directly related to the skill's stated functionality.
  • [PROMPT_INJECTION]: The skill processes content from user-uploaded PowerPoint (.pptx) and Excel (.xlsx) files, which introduces an indirect prompt injection surface where malicious instructions in those files could attempt to influence the agent.
  • Ingestion points: Processes slide text, table data, and spreadsheet values in Phases 1 and 2 of the workflow.
  • Boundary markers: No specific delimiters or markers are defined in the instructions to isolate ingested content from system instructions.
  • Capability inventory: The skill uses the python-pptx library for file manipulation and can execute shell commands for setup.
  • Sanitization: There is no evidence of sanitization or filtering of the content extracted from the external files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 08:10 AM