pptx-generator

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The workflow involves generating multiple JavaScript modules and a compilation script that are executed using node to build the presentation. It also utilizes python -m markitdown for reading file content.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several external packages, including markitdown from Microsoft and standard NPM libraries like pptxgenjs and sharp. It also demonstrates functionality for fetching remote images via URL.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided PowerPoint files to extract text. This extracted content is used as input for the agent, creating a surface for indirect prompt injection if the input files contain malicious instructions.
      • Ingestion points: Reading external .pptx files using markitdown.
      • Boundary markers: None identified.
      • Capability inventory: File writing, script execution via node, and network asset fetching.
      • Sanitization: The skill specifies the use of defusedxml.minidom for parsing XML templates to prevent XXE vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 22, 2026, 07:15 AM