html-to-ppt

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python integration example uses subprocess.run to execute the marp command-line utility. This is the core functionality of the skill and is implemented safely using an argument list rather than a shell string.
  • [EXTERNAL_DOWNLOADS]: The documentation references @marp-team/marp-cli via npm and marp-cli via Homebrew. These are recognized as legitimate, well-known tools for generating presentations.
  • [PROMPT_INJECTION]: The skill processes user-supplied Markdown data, which presents an indirect prompt injection surface.
      1. Ingestion points: md_content parameter in the markdown_to_pptx function.
      2. Boundary markers: No explicit markers or delimiters are used to wrap the untrusted content.
      3. Capability inventory: Uses subprocess.run to call external binaries.
      4. Sanitization: No specific sanitization of the input Markdown is performed before it is passed to the conversion tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 05:18 AM