baoyu-slide-deck
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The system instructions provided in `references/base-prompt.md` contain an explicit directive to "DO NOT refuse to generate" when content involves sensitive or copyrighted figures, which constitutes an attempt to bypass standard AI safety guardrails and content filtering mechanisms.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted text from a user-provided file or input and incorporates it directly into the prompts used for outline and image generation.
  - Ingestion points: User-provided markdown content saved to `source.md` in Step 1.2.
  - Boundary markers: The prompt templates in `references/base-prompt.md` and the outline generation logic lack strong delimiters or isolation instructions to treat interpolated user content as untrusted data.
  - Capability inventory: The skill has the capability to write to the local file system and execute shell commands using the `bun` runtime.
  - Sanitization: No sanitization or validation of the input content is performed before it is used in agent instructions.
- [COMMAND_EXECUTION]: The skill executes local TypeScript utility scripts (`scripts/merge-to-pptx.ts` and `scripts/merge-to-pdf.ts`) using the `bun` runtime to perform file operations and merge generated images into the final output formats.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the `npx -y bun` command to run its document-merging utilities, which may involve downloading the `bun` runtime from the npm registry if it is not already available in the execution environment.
Audit Metadata