slidev-multi-agent
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages project dependencies by installing '@slidev/cli', '@slidev/theme-default', and 'playwright-chromium' via npm from the official registry. It also includes a documentation synchronization script, 'scripts/sync-references.mjs', which fetches markdown files from trusted domains including sli.dev, openai.com, anthropic.com, and openclaw.ai to keep the agent's reference material up to date.\n- [COMMAND_EXECUTION]: The skill features several shell scripts that wrap the Slidev CLI. These scripts enable the agent to initialize projects, start development servers, build static SPAs, and export decks to various formats like PDF and PPTX.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to read, edit, and process Slidev markdown files which may contain untrusted content.\n
- Ingestion points: Slide markdown files ('slides.md') and project directory structures are read by the agent during creation and editing tasks.\n
- Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard embedded instructions within the ingested files.\n
- Capability inventory: The skill allows the agent to write files to the workspace and execute CLI commands through shell scripts that interact with the Slidev ecosystem.\n
- Sanitization: The skill does not perform sanitization or validation of the markdown content before processing or execution through the Slidev CLI.
Audit Metadata