pptx-offline
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires standard, well-known dependencies from official registries (npm and PyPI). These include libraries for PDF processing, image manipulation, and PowerPoint generation such as pptxgenjs, sharp, playwright, python-pptx, and markitdown.
- [COMMAND_EXECUTION]: Several scripts (thumbnail.py, pack.py) use the Python subprocess module to call system utilities like soffice (LibreOffice) and pdftoppm (Poppler) for document conversion and thumbnail generation. These operations are essential for the skill's documented functionality and are implemented safely using argument lists rather than shell interpolation.
- [SAFE]: The skill implements security best practices by using the defusedxml library for all XML parsing tasks, mitigating risks associated with XML External Entity (XXE) attacks. The code structure is transparent, and all capabilities align directly with the stated purpose of offline PPTX manipulation.
Audit Metadata