Skills
skills/thomasrohde/pptx-cli/pptx-deck-builder/Gen Agent Trust Hub

pptx-deck-builder

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the pptx and excal command-line tools to perform file operations, render diagrams, and build presentation decks. These operations involve executing subprocesses with parameters derived from workspace files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data which could influence the agent's behavior.
  • Ingestion points: Data is ingested from user-provided PowerPoint templates (.pptx) via the pptx init command and from YAML specification files (deck.yaml) during the build process.
  • Boundary markers: The instructions do not define clear boundaries or 'ignore' directives to prevent the agent from following instructions potentially embedded within the template metadata or the YAML content.
  • Capability inventory: The agent has the capability to execute shell commands, read local files, and write output files to the workspace.
  • Sanitization: No sanitization or validation logic is specified for the text or metadata extracted from external templates before it is processed or incorporated into the final deck.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 04:13 AM