frontend-slides
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script to extract content from PowerPoint files and utilizes the 'open' command to launch the resulting HTML presentations in the user's default browser.
- [EXTERNAL_DOWNLOADS]: The skill depends on the 'python-pptx' library from the official PyPI registry and generates presentations that link to legitimate font services such as Google Fonts and Fontshare.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted external document formats.
- Ingestion points: Processes content from PowerPoint (.pptx) files and existing HTML presentations during conversion or enhancement phases.
- Boundary markers: The skill lacks explicit delimiters or protective instructions when presenting extracted content to the agent for processing.
- Capability inventory: The skill possesses file-writing capabilities and shell execution (python, open) across its workflow.
- Sanitization: No sanitization or filtering is applied to extracted slide text, notes, or metadata before they are incorporated into the agent's context or generated output.
Audit Metadata