pptx
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external tools like LibreOffice and Poppler utilities via `subprocess.run` to handle document conversions and image generation. These calls use argument lists instead of shell strings, which mitigates the risk of command injection.
- [EXTERNAL_DOWNLOADS]: Documentation identifies standard dependencies from trusted registries (PyPI and NPM), including `playwright`, `pptxgenjs`, and `sharp`. There are no instances of downloading and executing remote scripts from unverified sources.
- [SAFE]: Secure XML processing is enforced by using the `defusedxml` library in Python scripts, protecting against XML External Entity (XXE) vulnerabilities when handling presentation files.
- [SAFE]: The HTML-to-PPTX workflow utilizes `playwright` to render slides locally. The extraction logic is hardcoded and executed within a browser context, ensuring that it only interacts with the content intended for conversion.
Audit Metadata