ppt-agent
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several Python and Node.js scripts (`html2png.py`, `html2svg.py`, `png2pptx.py`, `svg2pptx.py`) to handle file conversions and packaging. Specifically, `html2png.py` and `html2svg.py` utilize `subprocess.run` to invoke the Node.js environment.
- [EXTERNAL_DOWNLOADS]: At runtime, the skill attempts to install well-known libraries from official registries using `pip` (e.g., `python-pptx`, `lxml`, `Pillow`) and `npm` (e.g., `puppeteer`, `dom-to-svg`). These are established tools for the skill's primary purpose.
- [REMOTE_CODE_EXECUTION]: In `scripts/html2svg.py`, the code executes `npx -y esbuild`, which can download and run external packages from the npm registry if they are not already locally available.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It retrieves search results via web tools and interpolates them into structural prompts (e.g., `{{SEARCH_RESULTS}}` in `prompt-2-outline.md`). While it uses boundary markers like JSON structures and delimiters, there is no explicit sanitization step for instructions that might be embedded in the retrieved web data. This could influence the agent's content generation logic.
- [DYNAMIC_EXECUTION]: The conversion scripts `html2png.py` and `html2svg.py` dynamically generate JavaScript code strings (`SCREENSHOT_SCRIPT`, `CONVERT_SCRIPT`), write them to temporary files (e.g., `.html2png_tmp.js`), and execute them via Node.js. This is used to drive Puppeteer for high-fidelity rendering.
Audit Metadata