ppt-editing-skill
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage user files (e.g., cp) and executes Python modules such as markitdown to extract presentation content for analysis as described in SKILL.md.
- [PROMPT_INJECTION]: The skill processes external data from user-provided PPTX files, creating an indirect prompt injection surface.
  - Ingestion points: Slide content extracted via markitdown in SKILL.md.
  - Boundary markers: No delimiters are specified to isolate untrusted content.
  - Capability inventory: Local file operations, shell command execution, and XML manipulation (SKILL.md).
  - Sanitization: The skill recommends defusedxml for structural XML security but does not specify text-based content sanitization.
- [SAFE]: The skill implements security best practices by instructing the agent to use defusedxml.minidom for XML parsing to protect against XML External Entity (XXE) attacks. It operates strictly on user-provided templates and local paths, avoiding unauthorized network or data access.