frontend-slides
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to perform its core tasks, such as executing a local Python script (`scripts/extract-pptx.py`) for content extraction, installing necessary libraries via `pip`, and using the `open` command to display the final presentation to the user. These actions are transparent and necessary for the stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill downloads established Python packages (`python-pptx`, `Pillow`) from official registries and references well-known typography services (Google Fonts, Fontshare) within the generated HTML code.
- [PROMPT_INJECTION]: The skill processes user-supplied data from PowerPoint files and images, creating a potential surface for indirect prompt injection (Category 8). However, the risk is minimal as the data is used strictly for content generation. Mandatory Evidence Chain:
  - Ingestion points: External content enters the system through the parsing of `.pptx` files and the agent's visual analysis of provided images.
  - Boundary markers: The extraction script does not implement explicit delimiters to separate untrusted content from the generation logic.
  - Capability inventory: The skill has the ability to execute Python scripts, install packages, and write files to the local system.
  - Sanitization: There is no explicit sanitization or filtering logic applied to extracted text before it is inserted into the final HTML template.
Audit Metadata