super-ppt
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/style_extractor.py` script uses the `subprocess.run` function to execute the `pdftoppm` utility, which is a well-known system tool for converting PDF documents into images for visual analysis.
- [DATA_EXFILTRATION]: The test script `scripts/test_super_ppt.py` includes a hardcoded absolute file path to a document on the author's local filesystem. This reveals information about the vendor's internal directory structure and environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its style extraction and AI prompt generation feature.
  - Ingestion points: Document metadata and text content are extracted from user-provided `.pptx` and `.pdf` files via the `extract_style` function in `scripts/style_extractor.py`.
  - Boundary markers: The generated AI style prompt lacks delimiters or instructions to ignore or isolate potentially malicious instructions embedded within the extracted text content.
  - Capability inventory: The skill includes utilities for filesystem modification (`ppt_editor.py`) and external command execution (`style_extractor.py`).
  - Sanitization: Extracted document content is directly interpolated into the AI-facing style prompt without validation or sanitization, creating a surface where malicious instructions in a document could influence the agent's behavior.
Audit Metadata