lg-smart-pptx
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of standard and well-known Python packages (
python-pptx,Pillow,matplotlib) from the official PyPI registry for its core functionality. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it accepts and processes untrusted user-provided text for slide generation.
- Ingestion points: User-provided strings for titles, bullet points, and table data passed to methods in
scripts/lg_pptx_builder.py. - Boundary markers: Not present; the skill acts as a library and expects the agent to provide content directly into the builder methods.
- Capability inventory: The skill performs file system write operations via
prs.save()inscripts/lg_pptx_builder.pyto create the final presentation. - Sanitization: The skill relies on the standard
python-pptxlibrary for proper XML escaping and serialization of text content into the PPTX format.
Audit Metadata