proslide
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as `pnpm install` and `npx slidev export` within the host environment to build the presentation project and render the final PDF document.
- [REMOTE_CODE_EXECUTION]: It performs dynamic installation of Node.js packages from the npm registry. While it recommends standard Slidev themes, it allows for user-defined package names, creating a potential vector for executing malicious code via malicious or typosquatted packages.
- [EXTERNAL_DOWNLOADS]: The skill uses the `WebSearch` capability to fetch and ingest content from external websites to augment the slide content.
- [DATA_EXFILTRATION]: The skill is configured to read local files (PDF, Markdown, Text) based on paths provided in the input, which presents a risk of exposing sensitive system information if the agent is directed to unauthorized paths.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data into its reasoning loop.
  - Ingestion points: Local user files and findings from `WebSearch` are parsed into a 'Content Map' and 'Research Notes'.
  - Boundary markers: The instructions do not define clear delimiters or include 'ignore embedded instructions' warnings for the external data being processed.
  - Capability inventory: The skill has high-privilege capabilities including filesystem write operations and arbitrary command execution via `pnpm` and `npx`.
  - Sanitization: There is no specified logic for sanitizing or validating external content before it is used to generate the presentation outline and final slides.
Audit Metadata