slidev-theme-neversink
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/setup_presentation.py` utilizes `subprocess.run` with `shell=True` to execute system commands for project initialization and dependency management, including `npm install` and `uv add` operations.
- [EXTERNAL_DOWNLOADS]: The `scripts/setup_presentation.py` script automates the installation of packages from external registries (npm) during the project setup phase to install the Slidev CLI and themes.
- [EXTERNAL_DOWNLOADS]: The `assets/examples/generate_slides.py` script is designed to fetch content from remote API endpoints using the `requests` library based on user-supplied URLs.
- [PROMPT_INJECTION]: The `assets/examples/generate_slides.py` utility creates a surface for indirect prompt injection.
  - Ingestion points: Data enters the system via the `load_data` function in `assets/examples/generate_slides.py` from external JSON, CSV, or API sources.
  - Boundary markers: Absent; data is directly interpolated into slide templates.
  - Capability inventory: The script performs file-write operations to create `slides.md`.
  - Sanitization: Absent; the script does not perform escaping or validation on the content fetched from external sources before embedding it into the Markdown output.
Audit Metadata