presentation-creator
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to scaffold a complete web application project and suggests executing package manager commands such as 'npm install', 'npm run dev', and 'npm run build' to manage dependencies and generate the final presentation output.
- [EXTERNAL_DOWNLOADS]: The generated 'index.html' includes links to fetch typography and icon assets from Google Fonts ('fonts.googleapis.com'), which is a well-known and trusted service for web development.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided requirements (topics, data, and narrative) and interpolates them into the generated React source code. While this is the primary function of the skill, it relies on the user providing safe data, as there are no explicit instructions for sanitizing or escaping the interpolated content within the generated JSX templates.
  - Ingestion points: User input provided during Step 1 (Requirements Gathering) is used to populate headings, subtitles, and data arrays in 'App.jsx' and 'Charts.jsx'.
  - Boundary markers: None present; user input is directly placed into string literals and JSX tags.
  - Capability inventory: The skill generates code that can execute in a browser and suggests local shell command execution for building the project.
  - Sanitization: Absent; the instructions do not specify validation or encoding of user-provided strings before they are embedded in the project files.
Audit Metadata