html-ppt-skill
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted user data into HTML templates that are processed by the agent and a rendering engine. * Ingestion points: Presentation content fields such as titles, bullet points, and quotes in the HTML templates. * Boundary markers: There are no delimiters or instructions for the agent to ignore potentially malicious embedded instructions in the user-supplied content. * Capability inventory: The skill includes shell scripts for scaffolding (new-deck.sh) and rendering (render.sh), the latter of which operates a headless browser. * Sanitization: The skill does not specify any sanitization or escaping mechanisms for user data before it is interpolated into the presentation HTML.
- [EXTERNAL_DOWNLOADS]: The skill fetches legitimate JavaScript libraries for code highlighting and data visualization from well-known CDNs (cdnjs.cloudflare.com and cdn.jsdelivr.net).
- [COMMAND_EXECUTION]: The skill provides utility scripts to assist with developer workflows: ./scripts/new-deck.sh for generating new slide projects and ./scripts/render.sh for rendering the HTML presentations into static images using Headless Chrome.
Audit Metadata