Skills
skills/flonat/claude-research/quarto-deck/Gen Agent Trust Hub

quarto-deck

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute several command-line utilities including reveal-md, npx, mkdir, ls, cp, open, R, Rscript, and python for managing project files and rendering presentations.
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches resources from well-known services: it recommends installing reveal-md via npm and loads the MathJax library from https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js for rendering mathematical equations.
  • [REMOTE_CODE_EXECUTION]: The workflow includes the execution of Python and R scripts stored in the scripts/ directory to generate figures. These scripts are part of the project context but are executed with full access to the associated interpreters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown data to perform a rhetoric review.
  • Ingestion points: Markdown files are read and analyzed by a sub-agent in Phase 5 of SKILL.md.
  • Boundary markers: The sub-agent prompt lacks specific delimiters or "ignore" instructions to prevent the model from following commands embedded in the Markdown content.
  • Capability inventory: The agent has access to powerful tools including Bash (with npx and python), Write, and Edit functions.
  • Sanitization: There is no evidence of sanitization or validation performed on the Markdown files before they are processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 07:17 PM