magicslides
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user/agent to install a third-party package
magicslidesglobally vianpm install -g magicslides. This package originates from an unverified author and is not part of the trusted organizations list, posing a risk of executing unvetted code. - COMMAND_EXECUTION (LOW): The skill facilitates the execution of CLI commands that incorporate user-provided topics and URLs. While standard for this type of skill, it expands the attack surface.
- PROMPT_INJECTION (LOW): The
create-urlcommand introduces an indirect prompt injection surface (Category 8). - Ingestion points: The
--urlparameter accepts arbitrary web addresses. - Boundary markers: None specified to prevent the LLM from being influenced by instructions embedded in the target URL's content.
- Capability inventory: Shell command execution via the
magicslidesCLI. - Sanitization: No explicit sanitization or validation of the URL content is mentioned before processing.
Audit Metadata