pptx
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required "Create from scratch" flow references pptxgenjs.md (linked from SKILL.md) which explicitly shows adding images and backgrounds from arbitrary URLs (e.g., slide.addImage({ path: "https://example.com/image.jpg" }) and slide.background = { path: "https://example.com/bg.jpg" }) and the QA workflow instructs subagents to visually inspect slide images, so the agent will fetch and read untrusted third‑party content (remote images/web resources) that can influence edits and verification actions.
Audit Metadata