presentation-builder
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to clone an external repository (https://github.com/vkehfdl1/slides-grab.git) and execute its code via 'npm ci' and 'npm exec'. This allows unverified code from a third-party source to run on the system.
- [EXTERNAL_DOWNLOADS]: The setup process triggers downloads of source code from an untrusted GitHub user and the Chromium browser binary.
- [COMMAND_EXECUTION]: The workflow uses multiple shell commands, including git, npm, and the custom slides-grab CLI, for environment setup and presentation processing.
- [PROMPT_INJECTION]: The skill processes untrusted user data to generate HTML slides, creating an indirect prompt injection surface.
  1. Ingestion point: User goals and source materials in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess calls to the slides-grab tool in SKILL.md.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata