ppt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The script parses untrusted natural language to determine presentation parameters like title, topics, and duration.
  - Ingestion points: `input_str` parameter in the `parse()` method.
  - Boundary markers: Absent. The script relies on regex and keyword matching without delimiters.
  - Capability inventory: The parsed `PPTIntent` object determines file paths and processing logic for downstream components. The script itself does not perform dangerous operations.
  - Sanitization: Extracted fields like `title` and `topics` are used directly without sanitization.
- [Data Exposure] (LOW): The parser accepts file paths and directory names directly from input to determine input types. This allows an attacker to probe the local file system for the existence of files or directories via the `input_str` argument.
Audit Metadata