presentation-builder
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a tool from an untrusted repository (https://github.com/vkehfdl1/slides-grab.git).
- [REMOTE_CODE_EXECUTION]: The agent is instructed to execute the downloaded code via `npm ci` and `npm exec`, and download browser binaries via Playwright. This enables arbitrary code execution from an unverified source.
- [COMMAND_EXECUTION]: The workflow relies on various commands from the unverified `slides-grab` package, granting it the ability to perform operations on the host system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user input into HTML slides.
  - Ingestion points: User goals and source material provided in prompts (SKILL.md).
  - Boundary markers: None; untrusted content is interpolated directly into slide HTML files.
  - Capability inventory: Subprocess execution via CLI, file-write access for HTML and artifacts, and network access for package/binary installation (SKILL.md).
  - Sanitization: No input validation or output escaping is performed on user-supplied content.
Recommendations
- AI detected serious security threats