presentation-builder
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from untrusted external files (.pptx, .ppt, HTML), creating an attack surface for indirect prompt injection.\n
- Ingestion points: External presentation files processed in Phase 0 and Phase 2.\n
- Boundary markers: None specified to delineate slide content from instructions.\n
- Capability inventory: Bash for script execution and Write for file creation.\n
- Sanitization: No sanitization is performed on the extracted slide content.\n- [COMMAND_EXECUTION]: Uses Bash to run a Python script for extracting data from PowerPoint files.\n- [EXTERNAL_DOWNLOADS]: Requires installation of the python-pptx package from the standard PyPI registry.
Audit Metadata