presentation-builder
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection by processing external .pptx files and user-supplied notes. Ingestion points: Content is extracted from user-provided files via a Python script described in references/pptx-conversion.md and through direct user interaction. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the processed content. Capability inventory: The skill has access to Bash, Read, Write, and Edit tools, which are used to generate, save, and open the presentation files. Sanitization: Absent; the extraction script and generation instructions do not include logic for escaping HTML entities or sanitizing text from the source files, which could lead to cross-site scripting (XSS) or agent manipulation if the source material contains malicious payloads.
- [COMMAND_EXECUTION]: The skill utilizes shell commands via the Bash tool to execute Python extraction logic and to open the final generated HTML presentation in a browser using the open command.
- [EXTERNAL_DOWNLOADS]: The conversion workflow requires the installation of the third-party python-pptx package from the public PyPI registry.
Audit Metadata