publish-to-pages
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches presentation data from Google Slides via a standard export URL. This is a reference to a well-known service used for its intended purpose of document conversion.
- [COMMAND_EXECUTION]: Executes several local tools including
gh(GitHub CLI),git,python3, andpdftoppm(part ofpoppler-utils). These commands are used to manage the user's repositories and perform file format conversions as described in the skill's purpose. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection and abuse of platform capabilities.
- Ingestion points: Processes arbitrary PPTX, PDF, and HTML files provided by the user, as well as remote Google Slides content.
- Boundary markers: There are no explicit markers or instructions to the agent to ignore potentially malicious embedded content within the source documents.
- Capability inventory: The skill possesses the capability to create public GitHub repositories and host content online via GitHub Pages using the user's authenticated session.
- Sanitization: The conversion scripts (convert-pdf.py and convert-pptx.py) extract text and images into a new HTML file without sanitizing or validating the content, which could allow for the propagation of phishing scripts or malicious instructions if the input is compromised.
- [DATA_EXFILTRATION]: Repositories are created as public by default. Users must be explicitly aware that any content processed will be accessible to the public on the internet immediately upon deployment.
Recommendations
- HIGH: Downloads and executes remote code from: https://docs.google.com/presentation/d/PRESENTATION_ID/export/pptx - DO NOT USE without thorough review
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata