canghe-slide-deck

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The file 'references/base-prompt.md' includes an instruction stating 'DO NOT refuse to generate' when dealing with sensitive or copyrighted figures, which is a directive intended to override the AI's internal safety and refusal guardrails.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection risk by interpolating untrusted user data into prompts for an image generation skill.
    • Ingestion points: User content is read from local files or pasted into the chat context as specified in 'SKILL.md'.
    • Boundary markers: Although 'references/base-prompt.md' uses structural headers, it lacks explicit 'ignore instructions' delimiters for the interpolated user content.
    • Capability inventory: The skill triggers external image generation and executes shell commands via 'npx'.
    • Sanitization: No validation or escaping is applied to the user content before it is used to construct prompts.
  • [COMMAND_EXECUTION]: The skill performs shell command execution using 'npx -y bun' to run its bundled TypeScript scripts, 'scripts/merge-to-pptx.ts' and 'scripts/merge-to-pdf.ts', which are used to produce the final presentation files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 11:23 AM