project-deck
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core workflow requires reading and processing untrusted external data.
- Ingestion points: The skill explicitly instructs the agent to read "project context", "progress logs", "current focus", and "recent work" from the local filesystem.
- Boundary markers: There are no instructions provided to wrap external content in delimiters or to ignore potential instructions embedded within those files.
- Capability inventory: The agent has permissions for file operations (Read, Write, Edit) and system command execution via Bash for LaTeX compilation.
- Sanitization: No sanitization or validation logic is defined to filter malicious content from the ingested project data before it is processed.
- [COMMAND_EXECUTION]: The skill utilizes Bash to execute LaTeX compilation tools (latexmk, xelatex, pdflatex). While necessary for the skill's primary purpose of generating PDF presentations, executing these binaries via shell can be a security risk if the LaTeX environment is not properly sandboxed, particularly if features like shell-escape are enabled.