Advisories for Pypi/Pptagent package

2026

PPTAgent: Arbitrary File Write via `save_generated_slides`

This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The save_generated_slides MCP tool accepts a pptx_path argument and writes the generated PPTX file to that path without any workspace restriction or path validation:

PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

The markdown_table_to_image tool accepts a caller-controlled path parameter and passes it directly to get_html_table_image:

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.execute_actions (pptagent/apis.py:126-205) processes LLM-generated slide editing actions using Python's eval():