pptx
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted PowerPoint (.pptx) files through several scripts, including scripts/inventory.py and ooxml/scripts/unpack.py. This creates a surface for indirect prompt injection where malicious instructions embedded in slide content or metadata could be interpreted as commands by the AI agent during analysis. The skill lacks explicit delimiters or boundary markers to distinguish between data and instructions in slide content.
- [COMMAND_EXECUTION]: The skill uses the Python subprocess module to execute external system utilities, including soffice (LibreOffice) for document validation and conversion, and pdftoppm (Poppler) for generating slide thumbnails. These operations are essential for the skill's primary purpose but involve system-level interaction with external binaries.
- [COMMAND_EXECUTION]: The ooxml/scripts/unpack.py script uses zipfile.extractall() without explicit path validation. This potentially exposes a vulnerability surface for a Zip Slip attack if a maliciously crafted PowerPoint file contains file paths targeting locations outside the intended output directory.
Audit Metadata