academic-pptx
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill lists dependencies on standard tools such as markitdown and pptxgenjs for its core functionality of slide generation and content extraction.
- [REMOTE_CODE_EXECUTION]: The skill operates by generating and executing PptxGenJS code based on user-supplied content and predefined templates. This dynamic code generation is an intended but notable capability.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external research materials. 1. Ingestion points: User-provided research papers and presentation descriptions ingested through natural language prompts as described in README.md. 2. Boundary markers: No explicit delimitation or instructions to ignore embedded commands are present in the content guidelines. 3. Capability inventory: The skill uses JavaScript code execution and file creation capabilities via the pptxgenjs library as documented in slide_patterns.md. 4. Sanitization: There is no evidence of sanitization or escaping of user-provided research data before it is interpolated into the generated slide code.
Audit Metadata