baoyu-slide-deck

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Prompt Injection (HIGH): The 'references/base-prompt.md' file contains an instruction to bypass safety filters: 'If content involves sensitive or copyrighted figures, create stylistically similar alternatives. DO NOT refuse to generate'. This is a direct attempt to override standard AI safety protocols regarding content guidelines.
  • Indirect Prompt Injection (HIGH): The skill processes untrusted user-supplied content from outlines to generate visual and document outputs.
    • Ingestion points: User-provided text from an outline file is interpolated into 'references/base-prompt.md' and individual slide prompts.
    • Boundary markers: Absent. There are no delimiters or 'ignore instructions' warnings used to isolate untrusted user data from the system prompts.
    • Capability inventory: The skill utilizes scripts ('scripts/merge-to-pdf.ts', 'scripts/merge-to-pptx.ts') to write files to the local file system and generates images via external tools.
    • Sanitization: Absent. User input is directly embedded into slide headlines, body text, and PPTX notes fields without validation or escaping.
  • COMMAND_EXECUTION (LOW): The skill includes TypeScript scripts intended to be run by the 'Bun' runtime for document assembly. While these are functional scripts for merging images into PDF/PPTX, they represent a script execution capability that operates on the host environment's file system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:58 AM