revealjs-slides
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The template loads various Javascript and CSS resources from external CDNs, including
cdn.jsdelivr.net,cdnjs.cloudflare.com, andfonts.googleapis.com. While these are widely used and generally considered trustworthy, they represent external dependencies loaded at runtime. - [Indirect Prompt Injection] (LOW):
- Ingestion points: The template uses placeholders
{{TITLE}},{{SUBTITLE}},{{AUTHOR}}, and{{DATE}}withinassets/template.htmlto insert data into the DOM. - Boundary markers: No boundary markers or escaping instructions are present in the template to separate the placeholders from the surrounding HTML/JS context.
- Capability inventory: The template initializes
reveal.jswith plugins for Markdown, Highlight.js, and Mermaid, which can render complex content and execute script logic in the browser context. - Sanitization: There is no evidence of sanitization within the template file itself. If the AI agent populates these fields with untrusted data (e.g., from a web search or user input), it could lead to Cross-Site Scripting (XSS) or downstream instruction injection.
Audit Metadata