Skills
skills/ks6088ts-labs/skills/marp-slide-creator/Gen Agent Trust Hub

marp-slide-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The technical slide template in references/template.md includes a <script> tag that fetches the Mermaid library from https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.esm.min.mjs. Use of the @latest version tag is unverifiable and could lead to issues if the upstream library is compromised. The severity is set to LOW as this is a standard and intended mechanism for enabling diagrams in Marp slides.
  • [Indirect Prompt Injection] (LOW): The skill ingests user requirements and outlines to generate presentation content, which creates a surface for indirect instructions to influence agent behavior.
  • Ingestion points: User-provided purpose, outline, and slide content collected as described in SKILL.md.
  • Boundary markers: Absent; there are no specific delimiters or instructions for the agent to treat input exclusively as data.
  • Capability inventory: Capability to write files (slides.md) and include potentially executable HTML/JavaScript tags in the output.
  • Sanitization: Absent; no explicit sanitization or validation of user-provided strings is mentioned before interpolation into the Markdown output.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:21 PM