ln-150-presentation-creator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script (`node build-presentation.js`) to combine HTML templates and injected content into a standalone presentation file.
- [EXTERNAL_DOWNLOADS]: The generated presentation references the Mermaid.js library from the JSDelivr CDN (`https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.min.js`) for rendering C4 and ER diagrams.
- [PROMPT_INJECTION]: The skill ingests data from local Markdown files in `docs/` to populate the presentation tabs. This processing of untrusted content represents a surface for indirect prompt injection.
  - Ingestion points: Markdown documentation files in `docs/project/`, `docs/reference/`, and `docs/tasks/`.
  - Boundary markers: The skill does not use explicit boundary markers in the template tags, though Phase 6 instructions require XSS escaping.
  - Capability inventory: The skill can execute Node.js scripts, create directories, and copy files.
  - Sanitization: The instructions (Phase 6.2) specify escaping special characters for XSS prevention during content injection.