pitch-deck
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Raw user input is gathered in Step 1 (Company basics, Problem, Solution, etc.) and written directly to `pitch_data.json` in Step 3.
  - Boundary markers: The instructions lack any delimiters (such as XML tags or block quotes) or system prompts to treat this data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has the capability to write files (`pitch_data.json`), execute shell commands (`grep`), and run Python scripts (`python3 scripts/create_pitch_deck.py`).
  - Sanitization: There is no evidence of data sanitization or validation before the untrusted content is used in file-writing or script-execution workflows. This creates a risk where malicious instructions hidden in the user's pitch details could influence the agent or the script.
- [COMMAND_EXECUTION] (MEDIUM): The workflow involves executing shell commands like `grep` and `python3`. While the instructions specify structure, the use of variables in these commands (e.g., in the `grep` pattern or filename arguments in Step 4) creates a surface for command injection if the agent is manipulated by user input. Additionally, it relies on an unprovided script (`scripts/create_pitch_deck.py`).
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation suggests installing the `python-pptx` library from PyPI. While this is a standard library, it is an external dependency from an untrusted authoring organization (AI Labs), which is outside the defined trust scope.
Recommendations
- AI detected serious security threats
Audit Metadata