felo-slides
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing user-provided presentation topics.
- Ingestion points: User input for the presentation content enters the system via the --query argument in the execution commands defined in SKILL.md.
- Boundary markers: The skill lacks explicit delimiters or instructions to help the model distinguish between system instructions and untrusted user input during API calls.
- Capability inventory: The skill includes a local script (scripts/run_ppt_task.mjs) capable of making network requests to an external API and reporting results back to the agent.
- Sanitization: There is no evidence of input validation or sanitization before the user string is passed to the shell command, creating a potential for command-line injection if not handled securely by the agent's execution environment.
- [EXTERNAL_DOWNLOADS]: The script run_ppt_task.mjs establishes network connections to https://openapi.felo.ai to create and track slide generation tasks. This is standard functionality for an API-based service provided by the vendor.
- [COMMAND_EXECUTION]: The skill requires the agent to execute a local Node.js script using the Bash tool to perform its primary logic.
Audit Metadata