pitch-deck
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill workflow (Step 4) explicitly instructs the agent to run `python3 scripts/create_pitch_deck.py`. Since the script is not provided in the skill package, its behavior cannot be verified, potentially leading to arbitrary code execution if the environment or agent provides a malicious version.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses `grep` to search reference files. While the target is a local markdown file, using shell commands via the agent is a capability that should be restricted and monitored.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted user data (company details, solutions, financials) and interpolates this data into a JSON file (`pitch_data.json`) which is then processed by a command-line script. There are no boundary markers or sanitization steps mentioned to prevent a user from injecting malicious instructions or shell-breaking characters into the business data fields.
  - Ingestion points: Conversational input from the user (Step 1).
  - Boundary markers: Absent; data is placed directly into JSON.
  - Capability inventory: File writing, `grep` execution, and `python3` script execution.
  - Sanitization: None; the workflow assumes the user provides benign text.
- [EXTERNAL_DOWNLOADS] (LOW): The troubleshooting section suggests running `pip3 install python-pptx`. While this is a common library, it involves downloading external code from PyPI. Per [TRUST-SCOPE-RULE], this is a low-severity finding as it targets a standard registry.
Recommendations
- AI detected serious security threats
Audit Metadata