ppt-generator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from user-provided documents or files.
  - Ingestion points: Phase 1 accepts raw text or file paths containing external document content.
  - Boundary markers: None identified. There are no instructions to the agent to treat document content as untrusted or to use delimiters.
  - Capability inventory: The skill executes subprocesses (`python3`), writes files (`slides_plan.json`), and opens local HTML files (`open index.html`).
  - Sanitization: None identified. If the source document contains malicious instructions, they could be reflected in the `slides_plan.json` or the final HTML viewer, potentially leading to unintended script behavior or local cross-site scripting (XSS).
- [COMMAND_EXECUTION] (SAFE): The skill executes local Python scripts (`generate_ppt.py`, `generate_ppt_video.py`) located in a specific directory. While this is the intended functionality, the use of absolute paths (e.g., `/Users/carrick/...`) reveals the author's username and reduces portability, though it does not directly threaten the user.
- [DATA_EXFILTRATION] (LOW): The skill documentation indicates interactions with Kling AI (`klingai.kuaishou.com`), which is an external service not included in the whitelisted domains. While this is necessary for the skill's video generation features, it involves sending data to a non-standard third-party endpoint.