baoyu-slide-deck
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local TypeScript scripts `merge-to-pdf.ts` and `merge-to-pptx.ts` using the Bun runtime to assemble generated images into final documents. These scripts are self-contained within the skill directory and execute standard file manipulation operations.
- [PROMPT_INJECTION]: The skill processes external markdown content to derive slide outlines and image prompts, establishing a surface for indirect prompt injection.
  - Ingestion points: Markdown content processed from `source.md` or user paste.
  - Boundary markers: Relies on markdown structural headers without specific isolation directives.
  - Capability inventory: Executes local scripts via `bun` and triggers external image generation skills.
  - Sanitization: No explicit sanitization or input filtering logic is present for the ingested content.
Audit Metadata