deck-generator

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted slide content and interpolates it directly into prompts for the Imagen 4.0 API. This represents an indirect prompt injection surface where malicious input could influence the generation process.
  • Ingestion points: Slide descriptions and names are read from user-provided input or an external JSON file via the --content argument in scripts/generate-deck.py.
  • Boundary markers: User-supplied strings are concatenated directly with style prefixes without markers or instructions to ignore embedded commands.
  • Capability inventory: The skill has file-write access and network access to Google APIs.
  • Sanitization: No sanitization is performed on the input content before it is used in prompt construction or file path generation.
  • [COMMAND_EXECUTION]: The script scripts/generate-deck.py is vulnerable to path traversal due to the use of unsanitized input to define file save locations.
  • Evidence: The name field from the input JSON is used in os.path.join(args.output_dir, f"{name}.png") to determine the image save path. A malicious input could use directory traversal sequences (e.g., ../../) to write files outside the intended output directory.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to an external service to fetch generated images.
  • Evidence: The script makes POST requests to generativelanguage.googleapis.com using urllib.request. This is a well-known service and is integral to the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 07:43 AM