Skills
skills/krishagel/geoffrey/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted .docx and .pptx files, creating an ingestion surface for malicious instructions embedded in document content.
  • Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py.
  • Boundary markers: None identified in the processing scripts.
  • Capability inventory: Executes soffice via subprocess in ooxml/scripts/pack.py and performs file-system modifications in scripts/rearrange.py.
  • Sanitization: Utilizes defusedxml to protect against XML External Entity (XXE) and expansion attacks during parsing.
  • Command Execution (LOW): The skill invokes the system binary soffice (LibreOffice) to perform document validation and format conversion.
  • Evidence: subprocess.run call in ooxml/scripts/pack.py within the validate_document function. The command uses a fixed binary name and hardcoded filter names, though it operates on user-provided file paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:34 PM