presentation-generator
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Cross-Site Scripting) through its data ingestion process.
  - Ingestion points: The scripts/generate-presentation.js script processes JSON or YAML files to populate HTML templates.
  - Boundary markers: Absent. There are no instructions or delimiters to prevent the rendering engine from interpreting embedded scripts or HTML tags within the content fields.
  - Capability inventory: The skill can write files to the local system (fs.writeFileSync) and execute browser-based tasks via Playwright (scripts/export-slides.js), which could be leveraged to execute malicious scripts if the generated HTML is opened.
  - Sanitization: Incomplete. While escapeHtml is defined, it is applied only selectively. Several slide renderers (including repo, image, stats, grid, quote, and comparison) interpolate properties such as url, src, title, and value directly into the HTML string without escaping, allowing attribute breakout and script injection.
- [EXTERNAL_DOWNLOADS]: The skill uses external dependencies and assets from well-known services.
  - Dependencies: Requires the playwright package for exporting slides to PNG and PDF formats.
  - CDNs: The templates/base.html file fetches the anime.js library from Cloudflare's CDN and loads typography from Google Fonts.
- [COMMAND_EXECUTION]: The skill provides scripts for local execution.
  - Node.js Scripts: Includes generate-presentation.js, export-slides.js, and md-to-slides.js, which perform file system operations and spawn browser instances for rendering.
Audit Metadata