web-deck
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Node.js script (serve-deck.mjs) and instructs the agent to run it in the background. This script functions as a local web server and uses Puppeteer to launch a headless browser instance for PDF generation. While these are documented features, they grant the skill significant local execution capabilities.
- [EXTERNAL_DOWNLOADS]: The skill's PDF export functionality depends on the puppeteer package, which must be downloaded from the npm registry. Puppeteer is a well-known and trusted library, but it involves downloading and executing external code.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted user content (slide outlines) and interpolates it directly into HTML templates without providing sanitization or escaping guidelines.
  - Ingestion points: User-provided slide titles and bullet points processed in SKILL.md.
  - Boundary markers: Absent. The skill uses raw string interpolation into HTML templates.
  - Capability inventory: The bundled serve-deck.mjs script provides file system read access and the ability to execute a browser.
  - Sanitization: No sanitization or HTML escaping logic is implemented or suggested, allowing potential Cross-Site Scripting (XSS) if the user content contains malicious tags.
Audit Metadata