Skills
skills/netease-youdao/lobsterai/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to execute well-known system utilities including soffice (LibreOffice), pdftoppm (Poppler), and git for document format conversion and change validation. These operations are essential for handling presentation files.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install several standard dependencies from official registries, such as playwright, pptxgenjs, and sharp. These packages are necessary for rendering HTML slides and processing images.
  • [PROMPT_INJECTION]: The skill processes content from untrusted PPTX files, creating a potential surface for indirect prompt injection. While it uses defusedxml to prevent XML-based attacks, it lacks explicit boundary markers for text extracted into the agent's context. This risk is addressed through documentation that emphasizes visual verification of outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 07:23 AM