docs-pptx
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/convert_pptx_to_markdown.pyusessubprocess.run(shell=True)to call system utilities. Commands are constructed by interpolating file paths into strings. While the paths are quoted, a file name containing shell metacharacters or strategically placed quotes could allow for arbitrary command execution on the local system. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted presentation files.
- Ingestion points: The agent processes slide images and text extracted from external
.pptxfiles inscripts/convert_pptx_to_markdown.py. - Boundary markers: The instructions in
SKILL.mdfor analyzing visual content do not provide delimiters or instructions to ignore embedded commands. - Capability inventory: The agent has the ability to run shell commands and write files.
- Sanitization: There is no mechanism to sanitize or escape content extracted from slides before it is analyzed by the agent.
Audit Metadata