skills/colonelpanic8/dotfiles/slides/Gen Agent Trust Hub

slides

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes raw JavaScript code within a Node.js environment via the artifacts tool to build and render slides.
  • [EXTERNAL_DOWNLOADS]: The instructions describe fetching images from external URLs or local paths to embed them into slides, though no specific untrusted remote execution patterns were found.
  • [DATA_EXFILTRATION]: The skill uses node:fs/promises to read files from the disk (e.g., images for slides) and write presentation files (.pptx) and previews (.png) to the artifacts/ directory.
  • [PROMPT_INJECTION]: The skill processes untrusted data (user-provided text, images, and imported PPTX files) which could contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: Data enters via user prompts for slide content and through the PresentationFile.importPptx method which loads external files.
      • Boundary markers: None identified in the provided instructions to delimit user-provided data from system instructions.
      • Capability inventory: Access to the local filesystem via node:fs/promises and the ability to execute JavaScript via the artifacts tool.
      • Sanitization: No explicit sanitization or validation of imported content or user text is mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:28 AM