slidev
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation references standard CLI commands for project creation, local development, and building static assets (e.g., `pnpm create slidev`, `slidev build`, `slidev export`).
- [REMOTE_CODE_EXECUTION]: The framework features a Monaco editor component with `{monaco-run}`, which allows code to be executed within the presentation environment. It also supports extensibility through `setup/` hooks and `vite.config.ts`, which execute in the development environment.
- [PROMPT_INJECTION]: As a markdown rendering framework, the tool presents an indirect prompt injection surface if used to process untrusted content. Features like the `iframe` layout and remote slide imports (`src`) allow for the inclusion of external data.
  1. Ingestion points: `slides.md` and snippets directory.
  2. Boundary markers: No explicit security delimiters for content are defined.
  3. Capability inventory: Support for iframes, network-linked videos, and host-level script execution via setup files.
  4. Sanitization: No content sanitization is documented as the tool is intended for developer-authored content.
Audit Metadata