skills/phamquiluan/dotfiles/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill follows professional development standards and exhibits no malicious behaviors or unauthorized data collection. The implementation of defusedxml for all XML processing mitigates common Office document vulnerabilities like XXE.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection attack surface (Category 8) due to its processing of external .pptx files. Evidence Chain: (1) Ingestion: Untrusted text content is extracted from PowerPoint shapes in scripts/inventory.py. (2) Boundary markers: Absent in the extracted JSON provided to the agent. (3) Capability inventory: Local file system writes, system utility execution (soffice, git), and browser rendering via Playwright. (4) Sanitization: Uses defusedxml for structural security, though text content is processed as raw data. This risk is assessed as safe because the behavior is essential to the skill's primary function of document analysis.
  • [COMMAND_EXECUTION]: Local system utilities including LibreOffice (soffice), Poppler (pdftoppm), and git are invoked via subprocess for legitimate document conversion and validation tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 11:35 PM