slides-grab-export

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow is centered around the execution of the slides-grab CLI tool and several local scripts (e.g., html2pptx.js, thumbnail.py, pack.py) for slide generation and conversion tasks.
  • [EXTERNAL_DOWNLOADS]: The skill documentation identifies several established third-party dependencies, including pptxgenjs, playwright, and sharp for Node.js, and markitdown, defusedxml, and pillow for Python. These libraries and tools (including system utilities like LibreOffice and Poppler) are standard for document processing and conversion.
  • [PROMPT_INJECTION]: The skill processes user-provided HTML content from slide files, creating a surface for indirect prompt injection. This risk is inherent to the skill's purpose and is managed by structured conversion logic and the use of the defusedxml library for secure XML handling.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 04:16 PM