Skills
skills/lc2panda/wps-skills/wps-ppt/Gen Agent Trust Hub

wps-ppt

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the WPS Presentation application through a generic execution tool that handles file paths.
  • Evidence: The wps_execute_method tool (appType: 'wpp') includes methods like openPresentation, insertPptImage, and setBackgroundImage which accept file path parameters, creating a surface for local file interaction.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection from processed document data.
  • Ingestion points: The assistant reads PPT content using tools such as getSlideInfo, getTextBoxes, and getSlideNotes (defined in SKILL.md).
  • Boundary markers: No boundary markers or instructions to ignore embedded commands in the PPT content are provided.
  • Capability inventory: The skill possesses extensive write and modification capabilities via wps_execute_method (defined in SKILL.md), including setTextBoxText, addPptHyperlink, and beautifyAllSlides.
  • Sanitization: Content extracted from slides is processed without any described sanitization or validation steps.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 09:22 AM