tw-edu-slides-creator

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to retrieve content from arbitrary user-provided URLs for slide generation, which could be used to fetch malicious or inappropriate content.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/generate_slides.py) via the Bash tool and uses python3 -m markitdown to process user-uploaded files, introducing a command-injection surface if inputs are not properly sanitized.
  • [DATA_EXFILTRATION]: The instructions in SKILL.md (Step 0) direct the agent to read files using parent-directory relative paths (../../tw_edu_grade_adapter.md, etc.), which is a path traversal pattern that could be abused to access sensitive files outside the skill's sandbox.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: Untrusted data enters the agent context via WebFetch (URLs) and /mnt/user-data/uploads/ (Word/PDF files), as described in Step 2.5.
      • Boundary markers: No explicit instructions or delimiters are provided to the agent to treat the external content as data only or to ignore instructions embedded within the source materials.
      • Capability inventory: The skill can execute shell commands via Bash (Step 3) and write files to the system via the Write tool.
      • Sanitization: No sanitization, escaping, or validation logic is defined in the instructions for the content analysis phase.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:42 PM