pptx-translation
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data which creates an attack surface for indirect prompt injection. 1. Ingestion points: Reads .pptx and JSON files via python_backend/generate_pptx.py. 2. Boundary markers: No delimiters or instructions to ignore embedded content are specified. 3. Capability inventory: Access to Bash, Write, and Edit tools with subprocess execution. 4. Sanitization: No validation or sanitization of slide content is mentioned.
- [COMMAND_EXECUTION]: The agent uses the Bash tool to activate local virtual environments and execute internal Python scripts for file processing, which aligns with its primary purpose.
- [EXTERNAL_DOWNLOADS]: The skill references Supabase Storage and the Claude API (Anthropic), which are trusted platforms for storage and machine translation services.
Audit Metadata