ppt-design-system
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted user data to populate PowerPoint slide content.
- Ingestion points: User-provided strings, table data, and chart values are ingested into PptxGenJS templates across the skill files.
- Boundary markers: The instructions do not define boundary markers or delimiters to isolate user-provided data from the generated code logic.
- Capability inventory: The generated code has the capability to create files and process images using the sharp system library.
- Sanitization: There are no explicit validation or sanitization steps mentioned for user input before it is interpolated into the generated scripts.
- [COMMAND_EXECUTION]: The skill provides templates for generating and executing JavaScript code that utilizes the sharp library for image manipulation and SVG-to-PNG conversion.
Audit Metadata