slidev
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill documentation guides the agent to use the Slidev CLI for development and build tasks (e.g.,
slidev build,slidev export). It also details features likemonaco-runwhich allows the execution of JavaScript and TypeScript code blocks directly within the presentation environment.- [DATA_EXFILTRATION] (LOW): The documentation describes theslidev --remote --tunnelcommand, which utilizes Cloudflare Quick Tunnels to make the local presentation server accessible via a public URL. This is a legitimate feature for remote sharing but requires user awareness of the network exposure.- [EXTERNAL_DOWNLOADS] (LOW): The skill identifies several external dependencies required for full functionality, including theplaywright-chromiumpackage for PDF rendering and various@iconify-jsonpackages for icon support.- [PROMPT_INJECTION] (LOW): The skill introduces a surface for indirect prompt injection (Category 8) because it instructs the agent on how to generate slides from user input that can include executable code blocks or file-writing commands. - Ingestion points: Slide content generated from user prompts; external markdown files imported using the
srcattribute. - Boundary markers: Uses standard Markdown slide separators (
---) and frontmatter blocks to delimit content. - Capability inventory: Browser-side code execution via
monaco-run, file system writes viamonaco-write, and network exposure via--tunnel. - Sanitization: No specific sanitization or filtering instructions are provided in the skill documentation; it relies on the default security model of the Slidev and Vite ecosystem.
Audit Metadata