pptx
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM; COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: A path traversal vulnerability (Zip Slip) exists in `ooxml/scripts/unpack.py`, `ooxml/scripts/validation/redlining.py`, and `ooxml/scripts/validation/base.py`. These scripts use `zipfile.extractall()` on PowerPoint files without validating that archive members remain within the target directory. A malicious PowerPoint archive could write or overwrite files outside the extraction path (e.g., via `../../.bashrc`).
- [COMMAND_EXECUTION]: The skill frequently invokes external system utilities using `subprocess.run`, including `soffice`, `pdftoppm`, and `git`. These operations process user-provided files and paths, representing a risk if input filenames are not properly sanitized or if the underlying binaries are exploited.
- [REMOTE_CODE_EXECUTION]: The `scripts/html2pptx.js` utility uses Playwright to launch a headless Chromium browser instance to render slides. This provides a complex execution environment where untrusted HTML or CSS could potentially be used to trigger browser-based exploits, access local files, or perform network requests if not strictly sandboxed.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It extracts all text content from presentations and instructs the agent to read these outputs in their entirety. Malicious instructions embedded within a slide could potentially hijack the agent's logic during analysis or summarization tasks.
Audit Metadata