Skills
skills/zai-org/glm-skills/glmv-pdf-to-ppt/Gen Agent Trust Hub

glmv-pdf-to-ppt

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to download PDF files from remote URLs provided by the user (SKILL.md, Phase 1).
  • [COMMAND_EXECUTION]: The skill executes multiple local Python scripts to perform PDF conversion, image cropping, and slide generation (pdf_to_images.py, crop.py, generate_slide.py). It also invokes pip install to manage dependencies (SKILL.md).
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from PDF files which the agent is instructed to 'read' and 'absorb' (SKILL.md, Phase 2).
  • Ingestion points: External PDF documents provided via local path or URL (SKILL.md).
  • Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious commands embedded within the PDF content.
  • Capability inventory: The skill possesses network access (via curl), file system write capabilities, and the ability to execute shell commands and Python scripts.
  • Sanitization: There is no evidence of sanitization or filtering of the visual or textual content extracted from the PDF images before the agent processes them.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:44 AM