pptx
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and summarize content from user-provided .pptx files, including speaker notes and raw XML structure.
- Ingestion points: The workflow in SKILL.md explicitly directs the agent to read slide titles, body text, and speaker notes from existing decks.
- Boundary markers: There are no specified delimiters or instructions to treat extracted content as untrusted data or to ignore instructions embedded within the slides.
- Capability inventory: The skill uses python-pptx and ZIP/XML inspection tools which allow for reading and potentially writing to the file system.
- Sanitization: The instructions do not include any steps to sanitize or validate the content extracted from the PowerPoint files before processing.
Audit Metadata