PPT Generator Skill
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The prompt templates (e.g., `lego_style_prompt.md`, `clay_style_prompt.md`) directly interpolate untrusted source material (【原始资料】) into complex instructions for the LLM.
  - Ingestion points: The 【原始资料】 placeholder in all files within the `templates/` directory.
  - Boundary markers: Absent. There are no delimiters or system-level instructions to ignore embedded commands within the user-provided text.
  - Capability inventory: The system generates PPT files and provides instructions for external image generation tools.
  - Sanitization: Absent. The skill relies on the LLM to process the raw input without prior filtering.
- [Data Exposure] (LOW): The script `scripts/generate_styled_ppt.py` reads file paths from a user-controllable JSON input (`image_path`).
  - Evidence: The `create_slide` function uses `os.path.exists(image_path)` and `slide.shapes.add_picture(image_path, ...)` without validating that the path resides within an allowed directory.
  - Risk: An attacker could potentially craft an input JSON that forces the script to include sensitive local images or files in the generated PPTX artifact.
Audit Metadata