pptx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted PowerPoint files while possessing command-execution capabilities. 1. Ingestion Point: path-to-file.pptx via markitdown and unpack scripts. 2. Boundary Markers: Absent. 3. Capability Inventory: Executes shell commands (python -m, unpack.py). 4. Sanitization: No evidence of validation or sanitization for extracted presentation content.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses shell commands to process files. Risks include command injection if file paths provided by users are not properly sanitized before being passed to the shell.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on external scripts (ooxml/scripts/unpack.py) and packages (markitdown) that are not provided in the skill payload, representing unverifiable dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata