corporate-ppt-generator

The skill bundle is classified as suspicious due to critical security vulnerabilities in `src/index.py`. Specifically, the script is vulnerable to path traversal because it constructs the `output_path` using the unsanitized user-provided `output_filename`. Additionally, the use of `xml.etree.ElementTree` to parse the `block_xml` input without protection against external entities makes the skill susceptible to XML External Entity (XXE) attacks. While the code appears to be a legitimate tool for generating PowerPoint presentations and lacks evidence of intentional malice, these flaws provide a significant attack surface for unauthorized file access or manipulation.