slidev-builder
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands
pnpm installandnpx slidev exportto build the presentation project and generate a PDF. These operations occur in a dynamically created output directory. - [EXTERNAL_DOWNLOADS]: The skill downloads multiple Node.js packages from the npm registry, including
@slidev/cliandplaywright-chromium. It also fetches Slidev themes which are external dependencies. - [REMOTE_CODE_EXECUTION]: By allowing users to specify arbitrary npm package names for themes (e.g., "User cũng có thể nhập tên bất kỳ Slidev theme từ npm"), the skill facilitates the download and execution of untrusted external code via the
pnpm installstep. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from user-provided text or file paths to generate the presentation content.
- Ingestion points: Step 1 in
SKILL.mdspecifies reading input from direct text or file paths. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill can execute shell commands (
pnpm,npx) and read/write to the local filesystem (output/folder). - Sanitization: There is no evidence of validation or sanitization for the input content before it is interpolated into the slide generation process.
Audit Metadata