pptx
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill parses content from user-provided .pptx files, creating a surface for indirect prompt injection. • Ingestion points: 'scripts/inventory.py' extracts all text from slides into a JSON inventory. • Boundary markers: The extracted text is structured in JSON paragraph objects but lacks explicit delimiters or instructions to ignore embedded commands. • Capability inventory: The skill can execute local commands, render HTML via a headless browser, and perform extensive file system operations. • Sanitization: XML content is processed using 'defusedxml' for all XML parsing to mitigate XML External Entity (XXE) vulnerabilities, which is a significant security control.
- [COMMAND_EXECUTION]: Local utilities like LibreOffice and Poppler are used for file conversions and visual analysis. • Evidence: 'scripts/thumbnail.py' and 'ooxml/scripts/pack.py' invoke 'soffice' and 'pdftoppm' using 'subprocess.run'. • Context: These calls use argument lists rather than raw shell strings, preventing shell injection. These operations are necessary for the skill's primary functionality.
- [EXTERNAL_DOWNLOADS]: The skill documentation requires standard development and productivity tools. • Evidence: Installation instructions for 'markitdown', 'pptxgenjs', 'playwright', and 'sharp' are provided in 'SKILL.md'. • Context: All dependencies are sourced from trusted official registries (npm and PyPI) or standard OS repositories (apt), which are recognized as safe sources.
Audit Metadata