pptx
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation demonstrates good security hygiene by utilizing the 'defusedxml' library for XML parsing to mitigate risks associated with XML External Entity (XXE) attacks. It relies on established, well-known libraries such as 'python-pptx' for Python operations and 'pptxgenjs' for Node.js slide generation. The use of Playwright for HTML-to-PPTX conversion is implemented to render local content created by the agent, following a well-defined and secure workflow. Subprocess calls are restricted to standard system utilities like LibreOffice (soffice) and Poppler (pdftoppm) for document conversion and thumbnail generation. While the skill extracts and processes text from user-provided presentation files, which presents a standard surface for indirect prompt injection, this behavior is central to the skill's documented purpose and no malicious implementation patterns were identified.
Audit Metadata