slides-generator
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill uses the
bash <(curl ...)pattern to download and execute a script fromhttps://raw.githubusercontent.com/hummingbot/.... As 'hummingbot' is not a trusted organization, this allows for arbitrary code execution by the script maintainer. - COMMAND_EXECUTION (HIGH): The skill requires the agent to execute multiple shell commands, including global package installations and writing user-controlled content to files in
/tmp. - EXTERNAL_DOWNLOADS (MEDIUM): The skill initiates downloads and installations for the Python package
fpdf2and the Node.js package@mermaid-js/mermaid-cliwithout version pinning or integrity validation. - PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface. Evidence: 1. Ingestion points: Markdown content provided by users in Step 3. 2. Boundary markers: Uses 'SLIDES_EOF' heredoc, but lacks explicit 'ignore embedded instructions' warnings for the processing agent. 3. Capability inventory: Execution of bash commands and network operations via curl. 4. Sanitization: No sanitization of user-provided markdown content is performed before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/hummingbot/skills/main/skills/slides-generator/scripts/generate_slides.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata