pptx
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands including 'soffice' (LibreOffice), 'pdftoppm', and 'git' via the 'subprocess.run' method in scripts such as 'pack.py', 'thumbnail.py', and 'redlining.py'. These operations are used for document packing, change validation, and generating slide previews, which are core functional requirements.
- [PROMPT_INJECTION]: The skill processes untrusted external data from PowerPoint and HTML files, creating an attack surface for indirect prompt injection.
  - Ingestion points: 'inventory.py' extracts text content from slides, and 'html2pptx.js' renders user-provided HTML.
  - Boundary markers: Absent in current instructional templates.
  - Capability inventory: Filesystem write access and system command execution capabilities.
  - Sanitization: The skill correctly uses the 'defusedxml' library for XML parsing to mitigate XML External Entity (XXE) vulnerabilities.
- [SAFE]: The presence of absolute file paths referencing the author's local environment ('/Users/sargupta/...') in 'SKILL.md' is a best-practice violation but does not constitute a security vulnerability.
Audit Metadata