single-slide-ppt

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides code templates in SKILL.md and IMAGE_GUIDE.md that use child_process.execSync to run shell commands.
  • [COMMAND_EXECUTION]: The downloadImage function template uses unsanitized variables (url, outputPath) within a shell command: execSync(`curl -o ${outputPath} "${url}"`, ...). This creates a command injection risk if the URL or file path is derived from untrusted input and contains shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill fetches architecture diagrams and product assets from the official Visual Studio Code documentation to enhance slides.
  • [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection (Category 8). It is instructed to fetch content from the web to extract URLs for download and inclusion in slides.
      • Ingestion points: Web content retrieved via fetch_web for URL extraction.
      • Boundary markers: No explicit delimiters are used to separate fetched content from instructions.
      • Capability inventory: Use of child_process.execSync for command execution and pptx.writeFile for file system operations.
      • Sanitization: The provided templates lack sanitization for URLs retrieved from external sources before they are passed to the shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 28, 2026, 06:02 PM