pptx
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements strong security defaults by using the `defusedxml` library for all XML parsing operations in `ooxml/scripts/validation/base.py`, `ooxml/scripts/pack.py`, and `ooxml/scripts/unpack.py`, effectively neutralizing potential XML External Entity (XXE) vulnerabilities.
- [COMMAND_EXECUTION]: Multiple scripts, including `ooxml/scripts/pack.py`, `ooxml/scripts/validation/redlining.py`, and `scripts/thumbnail.py`, utilize `subprocess.run` to interface with system tools like `soffice` (LibreOffice), `pdftoppm` (Poppler), and `git`. Evidence shows these calls use list-based arguments without `shell=True`, preventing shell injection attacks.
- [PROMPT_INJECTION]: The `SKILL.md` file includes instructions such as 'NEVER set any range limits when reading these files' and 'Read ALL relevant documentation files completely.' While these attempt to override default agent behavior for context processing, they are functionally related to the primary purpose of ensuring the agent understands complex XML schemas to prevent document corruption.
- [SAFE]: The skill dependencies, including `pptxgenjs`, `playwright`, and `markitdown`, are well-known technology services and libraries used for their intended functional purposes within the presentation workflow.
Audit Metadata