pptx
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The installation instructions require administrative privileges (
sudo apt-get install) for system-level dependencies. This is a privilege escalation pattern, although it is intended for the one-time setup of required tools like LibreOffice and Poppler-utils. - [COMMAND_EXECUTION]: The skill performs shell-based operations using user-provided file paths (e.g.,
path-to-file.pptx,<office_file>). This presents a command injection surface if filenames containing shell metacharacters are not properly sanitized or quoted before execution. - [PROMPT_INJECTION]: The skill processes untrusted content from .pptx files and their internal XML structures, creating an indirect prompt injection surface. 1. Ingestion points: .pptx files, template presentations, and XML slide content. 2. Boundary markers: No delimiters or specific instructions to disregard embedded commands are provided. 3. Capability inventory: The skill utilizes subprocesses to execute python scripts and system utilities (soffice, pdftoppm) and performs file system operations. 4. Sanitization: The skill mitigates XML-based attacks by requiring
defusedxmlfor secure parsing. - [EXTERNAL_DOWNLOADS]: The skill references well-known technology tools and libraries from trusted repositories and registries, including the NPM registry (pptxgenjs, sharp, playwright) and official Ubuntu package repositories (LibreOffice, Poppler). These references are documented neutrally as standard dependency requirements.
Audit Metadata