pptx
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `subprocess.run` in `scripts/thumbnail.py` and `ooxml/scripts/pack.py` to call `soffice` (LibreOffice) and `pdftoppm` (Poppler). These are legitimate uses for converting presentations to PDF and then to image thumbnails.
- [COMMAND_EXECUTION]: The script `ooxml/scripts/validation/redlining.py` executes `git diff` via subprocess to compare document text content, which is a standard procedure for validating tracked changes.
- [EXTERNAL_DOWNLOADS]: The skill documentation lists dependencies on standard, reputable software packages from PyPI (e.g., `markitdown`, `python-pptx`, `defusedxml`) and NPM (e.g., `pptxgenjs`, `playwright`, `sharp`). No untrusted or risky external sources were found.
- [PROMPT_INJECTION]: Documentation in `SKILL.md` uses emphasis (e.g., 'CRITICAL', 'MANDATORY', 'NEVER set any range limits') to ensure technical accuracy during complex XML and HTML processing tasks. These instructions are intended to improve the agent's performance and do not target safety filter bypasses.
- [REMOTE_CODE_EXECUTION]: The skill uses `playwright` in `scripts/html2pptx.js` to render HTML slides. While powerful, the tool is used locally to process agent-generated content and does not involve executing arbitrary remote code.
Audit Metadata