pptx
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill incorporates established security patterns for processing untrusted Office documents.
- Employs the `defusedxml` library across all XML parsing scripts (`unpack.py`, `pack.py`) to mitigate XML External Entity (XXE) and billion laughs attacks.
- Dependencies are restricted to well-known, high-reputation packages from the NPM and PyPI registries.
- [COMMAND_EXECUTION]: Several utility scripts utilize subprocess calls to perform necessary file format conversions.
- Ingestion Point: `ooxml/scripts/pack.py`, `scripts/thumbnail.py`.
- Evidence: The scripts execute the `soffice` (LibreOffice) and `pdftoppm` binaries in headless mode to convert PPTX files to PDF and generate thumbnail images. These operations are essential for the skill's features and are implemented via controlled subprocess calls.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by design.
- Ingestion points: Untrusted content enters the agent's context through `markitdown` and `scripts/inventory.py`, which extract text from user-provided presentations.
- Boundary markers: The extracted text is processed without specific delimiters or 'ignore' instructions, which could allow malicious text within a slide to influence agent behavior.
- Capability inventory: The skill has extensive file system access (read/write PPTX structures) and command execution capabilities (via `soffice`).
- Sanitization: Structural XML integrity is validated using `defusedxml`, but the extracted natural language content is not specifically sanitized before being presented to the agent.
Audit Metadata