pitch-deck-visuals

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI to run applications such as infsh/html-to-image, infsh/python-executor, and falai/flux-dev-lora to generate visual content. This involves executing system commands and Python scripts provided within the skill.
  • [EXTERNAL_DOWNLOADS]: The documentation references and suggests installing additional skills from the inference-sh organization using the npx skills add command.
  • [PROMPT_INJECTION]: The skill uses templates that involve executing code or rendering HTML based on inputs. This presents a surface for indirect prompt injection if an agent populates these templates with untrusted user data without sanitization.
    • Ingestion points: Markdown code blocks in SKILL.md designed for tool execution (e.g., --input JSON strings).
    • Boundary markers: None identified.
    • Capability inventory: Shell command execution via infsh, Python script execution (via python-executor), and local file creation (e.g., market-size.png).
    • Sanitization: No explicit validation or escaping of user-provided content is defined for the command payloads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 09:57 PM