marp-slide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The CSS themes and templates include
@importstatements to load fonts fromfonts.googleapis.com. - Evidence: Found in
assets/template-basic.mdandassets/theme-default.cssamong others. - Assessment: These requests target a Trusted External Source (Google) for legitimate styling purposes.
- INDIRECT_PROMPT_INJECTION (LOW): The skill interpolates user-provided content into slide templates, which is a standard surface for indirect prompt injection.
- Ingestion points: User-provided topics and content for slide generation (referenced in
SKILL.md). - Boundary markers: Templates use Marp horizontal rules (
---) and headers (##) as structural delimiters. - Capability inventory: The skill is restricted to generating and saving Markdown files (
.md) to the project output directory. - Sanitization: No specific sanitization of user-provided content is performed before interpolation, but the output format (Markdown/CSS) has a low exploitation potential for the agent itself.
- DATA_EXPOSURE (SAFE): No evidence of access to sensitive files or credentials was found. The skill only reads its own internal assets and references.
Audit Metadata