presentation-builder
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from an unverified GitHub account (https://github.com/vkehfdl1/slides-grab.git) which is not identified as a trusted organization or well-known service.
- [REMOTE_CODE_EXECUTION]: The instructions direct the agent to install dependencies and execute code from the downloaded repository using npm ci and npm exec. This sequence facilitates the execution of third-party code that has not been audited for safety.
- [COMMAND_EXECUTION]: Several shell commands are used for installation and operation, including git clone, npx playwright install, and various CLI operations for building and converting slides.
- [PROMPT_INJECTION]: The skill processes user-supplied briefs and documents to create HTML slides, which presents an indirect prompt injection risk.
  - Ingestion points: User-provided presentation goals, audience details, and source material as described in the workflow sections of SKILL.md and SKILL.toon.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to disregard potentially malicious instructions within the processed user data.
  - Capability inventory: The skill possesses capabilities for shell command execution via npm and the slides-grab tool, as well as file system access to create and modify HTML files.
  - Sanitization: There is no evidence of input validation or sanitization before the external content is integrated into the presentation artifacts.
Recommendations
- AI detected serious security threats
Audit Metadata