pptx
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
ooxml/scripts/unpack.pyis vulnerable to path traversal (Zip Slip) due to its use ofzipfile.ZipFile.extractall()on potentially untrusted input files. - An attacker could craft a PPTX file containing filenames with traversal sequences (e.g.,
../../) to overwrite sensitive files outside the intended extraction directory. - [PROMPT_INJECTION]: The skill has a high surface for indirect prompt injection as it ingests and processes text from existing PowerPoint presentations.
- Ingestion points: Presentation content is extracted and read into the agent's context through
ooxml/scripts/unpack.py,scripts/inventory.py, andscripts/replace.py. - Boundary markers: The instructions do not define clear boundaries or isolation protocols for data extracted from presentation slides.
- Capability inventory: The skill possesses extensive capabilities including executing system commands via
subprocess.runand rendering HTML slides in a headless browser via Playwright. - Sanitization: Although
defusedxmlprovides protection against XML-specific attacks, the extracted content is treated as instructions or trusted data for subsequent operations, potentially leading to command injection or browser-based script execution. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of several external dependencies and system tools.
- These include well-known libraries such as
markitdown,playwright,pptxgenjs, andsharpfrom official registries. - It also utilizes system utilities like
LibreOfficeandPoppler-utilsfor document conversion and image generation tasks.
Audit Metadata