pptx-generator
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system-level binaries, specifically
soffice(LibreOffice) andpdftoppm, to facilitate file conversion processes inscripts/convert_slides.py. These operations are conducted using thesubprocessmodule with argument lists, which is a secure implementation. - [EXTERNAL_DOWNLOADS]: The skill's instructions include a step to install external Python libraries
python-pptxandPillowfrom the Python Package Index (PyPI). These are standard, well-known packages required for the skill's core functionality. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user data. \n
- Ingestion points: In
SKILL.md, Phase 1 (Gather) describes extracting content from user-provided documents, notes, or existing presentation files to build a slide map. \n - Boundary markers: There is no mention of using delimiters or specific system instructions to prevent the agent from following instructions embedded within the ingested text content. \n
- Capability inventory: The skill has access to powerful capabilities including shell command execution and package installation. \n
- Sanitization: The extracted content is not sanitized or validated before being used to influence the agent's content decisions and layout planning.
Audit Metadata