pptx-creator
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🔴 VERDICT: CRITICAL
This skill has a critical command execution vulnerability. It uses subprocess.run to execute another skill (nano-banana-pro) for image generation, passing user-controlled input directly as a command-line argument (--prompt). A malicious user could craft this prompt to inject arbitrary shell commands, leading to remote code execution on the system running the agent. Additionally, this constitutes a prompt injection vector for the nano-banana-pro skill itself. The skill also relies on an unverified external skill (nano-banana-pro) and contains placeholder code for CRM API access that could expose credentials if activated.
Total Findings: 4
🔴 CRITICAL Findings: • Command Execution via User-Controlled Subprocess Argument
- scripts/create_pptx.py
- Line 190:
subprocess.run(["uv", "run", str(script_path), "--prompt", prompt, "--filename", output_path, "--resolution", "1K"], ...)
🔴 HIGH Findings: • Prompt Injection to External Skill
- scripts/create_pptx.py
- Line 185:
prompt = src.split("generate:", 1)[1].strip()(User-controlled prompt passed tonano-banana-provia subprocess)
🟡 MEDIUM Findings: • Unverifiable External Skill Dependency
- scripts/create_pptx.py
- Line 181:
script_path = SKILL_DIR.parent / "nano-banana-pro" / "scripts" / "generate_image.py"(Relies onnano-banana-proskill, which is not audited here)
🔵 LOW Findings: • Potential Credential Exposure (Placeholder)
- scripts/create_pptx.py
- Line 208:
api_url = os.environ.get("TWENTY_API_URL", "")and Line 209:api_token = os.environ.get("TWENTY_API_TOKEN", "")(Reads sensitive environment variables for a currently inactive CRM API integration)
================================================================================
- AI detected serious security threats