presentation-generator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on 'playwright', which downloads browser binaries (Chromium) to the local machine during setup. While Playwright is a reputable library, this involves significant external binary execution.
  • [COMMAND_EXECUTION] (MEDIUM): The 'export-slides.js' script launches a Chromium instance and loads local HTML files using 'page.goto' with the 'file://' protocol. It uses 'page.evaluate' to execute JavaScript within the browser context. This presents a risk of local file access if the input content (JSON, YAML, or Markdown) used to generate the HTML is untrusted and contains malicious script tags (XSS).
  • [DATA_EXFILTRATION] (LOW): A theoretical vector exists for local file exposure. If a crafted input file triggers XSS within the Playwright instance, the 'file://' protocol allows the browser to read local files, which could then be exfiltrated via browser-based network requests.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection.
      1. Ingestion points: 'scripts/generate-presentation.js' and 'scripts/md-to-slides.js' process user-controlled JSON and Markdown.
      2. Boundary markers: No sanitization logic or delimiters are evident in the provided code to prevent script injection.
      3. Capability inventory: Playwright browser automation and filesystem write operations ('fs.mkdirSync', 'fs.renameSync').
      4. Sanitization: Absent from the provided script snippets.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:30 PM