create-ppt-with-nano-banana
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill requires executing 'node ./scripts/fluxa-cli.bundle.js' and 'require("./html2pptx")'. Neither file is provided in the source, preventing safety verification. Bundled JavaScript is a common vector for obfuscating malicious operations.
- CREDENTIALS_UNSAFE (HIGH): The skill documentation explicitly references a sensitive configuration file at '~/.fluxa-ai-wallet-mcp/.agent-config.json' containing JWTs and tokens, making them a primary target for exposure or theft.
- COMMAND_EXECUTION (HIGH): The skill mandates the execution of multiple CLI commands via 'fluxa-cli.bundle.js' for initialization and financial transactions, representing a high-privilege capability set.
- DATA_EXFILTRATION (MEDIUM): Authorization tokens and payment signatures are sent to 'https://proxy-monetize.fluxapay.xyz/nano-banana/gen-image', which is an external, non-whitelisted domain.
- PROMPT_INJECTION (LOW): This skill is vulnerable to indirect prompt injection.
- Ingestion points: User-provided presentation topics and slide content entering through the agent prompt.
- Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used in the provided templates.
- Capability inventory: File writing (pptx.writeFile), Network requests (Nano Banana API), and Command execution (fluxa-cli.bundle.js).
- Sanitization: No evidence of input escaping or validation for user-provided strings used in HTML templates or AI prompts.
Recommendations
- AI detected serious security threats
Audit Metadata