ib-check-deck
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script, scripts/extract_numbers.py, using a shell command to process numerical data extracted from presentation slides. This is an expected and functional part of the skill's design.
- [PROMPT_INJECTION]: The skill ingests untrusted text from PowerPoint slides, creating a surface for indirect prompt injection.
  (1) Ingestion points: Slide text is written to /tmp/deck_content.md before processing.
  (2) Boundary markers: There are no explicit delimiters or instructions to prevent the agent from obeying commands embedded within the slide text.
  (3) Capability inventory: The agent can execute a bundled script and read/write to the local temporary directory.
  (4) Sanitization: The input slide content is not validated or sanitized for malicious instructions before being handled by the agent.