quarto-deck
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands including reveal-md, python, Rscript, and npx to render HTML slides and generate presentation figures.
- [EXTERNAL_DOWNLOADS]: The skill relies on the reveal-md tool, which is a legitimate package typically obtained from the well-known NPM registry.
- [PROMPT_INJECTION]: Phase 5 of the workflow involves a sub-agent reading Markdown presentation files, which presents an indirect prompt injection surface. Ingestion points: The sub-agent reads the content of the Markdown file at a specified path. Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the Markdown file. Capability inventory: The skill environment provides access to Bash, Write, and Edit tools. Sanitization: The skill does not perform sanitization or validation of the Markdown content before it is processed by the sub-agent.
Audit Metadata