pptx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The skill documentation includes 'sudo apt-get install' commands for 'libreoffice' and 'poppler-utils', which grant root-level access during setup.
- Command Execution (MEDIUM): The skill suggests executing shell commands ('soffice' and 'pdftoppm') to handle file conversions, providing a potential surface for command injection.
- Indirect Prompt Injection (LOW): The skill ingests untrusted .pptx content. Evidence: 1. Ingestion points: Text extraction via 'markitdown' and raw XML access to slide components. 2. Boundary markers: Absent. 3. Capability inventory: Shell command execution. 4. Sanitization: Not specified in instructions.
- External Downloads (LOW): The skill installs 'markitdown' (via pip) and 'pptxgenjs' (via npm). 'markitdown' is from a trusted organization (Microsoft), but public registry usage remains a minor surface.
Recommendations
- AI detected serious security threats