PPT Generator Pro with Driving Effect
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to facilitate PPT generation and financial operations.
- Uses
curlto interact with external image and video generation APIs viaproxy-monetize.fluxapay.xyz. - Utilizes the
fluxa-walletCLI tool for managing API payments and on-chain transactions. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of external dependencies.
- Directs the user to install
@fluxa-pay/fluxa-walletglobally vianpmto enable the payment features. - Fetches API metadata and endpoint discovery information from vendor-managed servers.
- [DATA_EXFILTRATION]: The skill transmits user-provided content and generated prompts to external processing services.
- Transmits document content and image generation prompts to the Nano Banana and Kling AI APIs hosted at
proxy-monetize.fluxapay.xyz. - These operations are documented as the primary function of the skill and utilize vendor-owned infrastructure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its document analysis phase (Category 8).
- Ingestion points: Document content provided by the user (or generated) is read from the local environment and processed to create
slides_plan.json. - Boundary markers: The prompt templates do not currently implement specific boundary markers or 'ignore embedded instructions' directives when interpolating user content.
- Capability inventory: The skill has the ability to execute network requests, write files to the local disk, and perform financial transactions via the wallet CLI.
- Sanitization: No explicit sanitization or filtering of user-provided document content is performed before it is included in the LLM prompts for image/video generation.
Audit Metadata