Skills
skills/b-open-io/gemskills/deck-creator/Gen Agent Trust Hub

deck-creator

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The playground server and build scripts utilize system utilities to perform project management and asset processing.
  • Spawns git to manage local repositories and identify remote URLs.
  • Executes vercel CLI for linking projects and deploying deck presenters.
  • Uses zip to package the presentation assets for export.
  • Invokes osascript on macOS to provide a native folder picker for directory selection.
  • Spawns magick, sips, and headless Chrome/Chromium to process images and generate PDF exports.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resources from well-known services and trusted providers.
  • Connects to Google Gemini APIs for content, image, and video generation.
  • Loads hls.js from jsdelivr.net for video streaming in the HTML presenter.
  • Imports typography from Google Fonts.
  • [REMOTE_CODE_EXECUTION]: The playground application renders LLM-generated HTML and CSS content using dangerouslySetInnerHTML.
  • This creates a surface for Indirect Prompt Injection where malicious input could attempt cross-site scripting (XSS).
  • Isolation is attempted via CSS scoping and use of iframe elements for thumbnails and final output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 08:10 PM