slideshow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches Reveal.js, Mermaid, KaTeX, and Chart.js from the jsdelivr content delivery network. These are well-known libraries used for presentations and diagrams.
- [COMMAND_EXECUTION]: Uses the Bash tool with the open command to display the generated HTML file in the user's default browser.
- [REMOTE_CODE_EXECUTION]: Generates a standalone HTML file containing embedded JavaScript for rendering slides, diagrams, and charts. This behavior is necessary for the skill's primary function.
- [PROMPT_INJECTION]: The skill processes user-supplied technical concepts to generate the slideshow content, creating an attack surface for indirect injection.
  - (1) Ingestion points: User-provided topics and descriptions are used to populate the content of the slides in SKILL.md.
  - (2) Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious content within the user input.
  - (3) Capability inventory: The skill uses Write to create the HTML file and Bash(open *) to launch it, which could trigger scripts if the content is malicious.
  - (4) Sanitization: The skill lacks explicit sanitization logic, relying on the underlying model's safety filters when generating the HTML structure.