presentation-builder
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references and depends on an external tool
slides-grab(hosted athttps://github.com/vkehfdl1/slides-grab). This repository belongs to an unverified individual user rather than a trusted organization or well-known service provider. - [COMMAND_EXECUTION]: The skill's instructions require the agent to execute various shell commands using the
slides-grabCLI, such asbuild-viewer,validate,edit,convert, andpdf. Running unvetted third-party binaries can lead to arbitrary code execution if the tool is malicious or compromised. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core workflow of processing untrusted external data.
- Ingestion points: The agent is instructed to ingest product briefs, documents, and other source materials (e.g., in
SKILL.mdSteps 1 and 2) to generate slide content. - Boundary markers: The instructions lack specific guidance on using delimiters (like XML tags or triple backticks) or instructions to ignore potential commands embedded in the source materials.
- Capability inventory: The skill possesses the ability to read and write files and execute shell commands via the
slides-grabtool. - Sanitization: There is no evidence of sanitization or validation logic to filter out malicious instructions that might be present in the user-provided briefs or documentation.
Audit Metadata