slides-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): In `scripts/export-pdf.js`, Puppeteer is launched with the `--no-sandbox` and `--disable-setuid-sandbox` flags. These flags disable the Chromium sandbox, a critical security boundary. While this is a common workaround for permissions issues in containerized environments, it is a security anti-pattern that could be exploited if the browser were directed to a malicious site. The risk is downgraded to LOW as the tool is designed to render locally generated content.
- EXTERNAL_DOWNLOADS (LOW): The skill's `package.json` specifies a wide range of dependencies from the NPM registry. The installation process involves downloading executable binaries (Chromium for Puppeteer). While these are from trusted sources, they represent a significant attack surface during setup.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its workflow of ingesting untrusted user data to generate executable React code.
  - Ingestion points: User responses gathered through the flow defined in `references/context-guide.md`.
  - Boundary markers: None identified; user input is interpolated directly into slide templates.
  - Capability inventory: The skill possesses the ability to run local servers (`npm run dev`), execute browser automation (puppeteer), and recommends the use of the `agent-browser` skill for verification.
  - Sanitization: No explicit sanitization or escaping of user-provided content is present in the templates; the skill relies entirely on the LLM's output safety.
Audit Metadata