html-presentation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill incorporates external scripts and styles from trusted sources including JSDelivr, Unpkg, and Google Fonts to enable presentation features like Reveal.js and Lucide icons.
- [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection as it processes untrusted user-provided documents to generate presentation content.
- Ingestion points:
SKILL.md(Step 1) indicates the agent reads uploaded documents or provided textual content to analyze sections and key points. - Boundary markers: There are no specific delimiters or instructions for the agent to disregard instructions embedded within the source document.
- Capability inventory: The skill performs file writing operations to create a self-contained HTML file (e.g.,
presentation.html). - Sanitization: The instructions do not explicitly require the agent to escape or sanitize user content before placing it into the HTML template, which is typical for content transformation skills.
Audit Metadata