pptx-from-layouts
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Internal orchestration scripts such as
generate.py,edit.py,validate.py, andprofile.pyutilizesubprocess.runto execute specialized Python modules within the same skill package. These calls are constructed using the current interpreter and absolute path resolution, ensuring controlled execution of internal logic. - [COMMAND_EXECUTION]: The slide rendering and validation components (
thumbnail.py,visual_validator.py) execute local system utilities includingsoffice(LibreOffice) andpdftoppm(Poppler) to handle PowerPoint-to-PDF conversion and image generation. These are essential for the skill's primary functionality of visual validation. - [COMMAND_EXECUTION]: The
font_fallback.pyutility usessubprocess.runto callfc-matchfor discovering available system fonts to ensure consistent text measurement across platforms. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection as it ingests and processes untrusted markdown content and JSON replacement data.
- Ingestion points: Primary input is through
ingest.py(parsing markdown outlines) andedit.py(processing JSON text replacements). - Boundary markers: The parser relies on structural markdown elements such as slide headers (
# Slide N:) and separators (---) to delimit slide boundaries and content types. - Capability inventory: The skill possesses the ability to write to the file system (
prs.save) and execute local binaries viasubprocess.runfor rendering tasks. - Sanitization: Input content is cleaned and validated using a state-machine parser and regular expressions to extract text runs and typography markers, ensuring that inputs are treated as data rather than executable instructions.
Audit Metadata