slides-revealjs
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill incorporates external JavaScript dependencies from trusted and well-known CDNs to provide plugin functionality.\n
- Evidence: Templates in SKILL.md and documentation in the references directory use scripts hosted on jsd.onmicrosoft.cn (Microsoft-hosted mirror) and cdnjs.cloudflare.com (Cloudflare).\n
- Impact: These references are used for official or well-established plugins such as Mermaid, Chart.js, and KaTeX.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its primary function of processing user-supplied content into structured slides.\n
- Ingestion points: User-provided documents or content specifications are analyzed to create slide layouts (SKILL.md, Core Workflow).\n
- Boundary markers: The instructions do not specify the use of clear delimiters or warnings to ignore instructions embedded in the source text.\n
- Capability inventory: The agent generates HTML content that can include script tags, iframes, and data-driven plugins.\n
- Sanitization: There is no explicit step for sanitizing or escaping user content before it is used to generate presentation markup.
Audit Metadata