pptx
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: XML parsing is securely implemented using 'defusedxml' in scripts like 'unpack.py' and 'pack.py' to prevent XML External Entity (XXE) vulnerabilities.
- [SAFE]: Command execution is limited to specific system tools ('soffice' and 'pdftoppm') with hardcoded or extension-derived arguments in 'thumbnail.py' and 'pack.py'.
- [SAFE]: Playwright rendering in 'scripts/html2pptx.js' is restricted to local files, which prevents potential web-based exploitation vectors.
- [SAFE]: The skill operates strictly on presentation assets and temporary files, maintaining a clear boundary from sensitive system data.
Audit Metadata