frontend-slides

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The deployment script scripts/deploy.sh contains a path traversal vulnerability. It parses local HTML files for asset references (src, href, url) and copies them to a temporary directory for deployment to Vercel. Because the script does not validate or sanitize these paths, a malicious HTML file could include references to sensitive local files using parent directory traversal (e.g., assets/../../.ssh/id_rsa), causing them to be copied into the deployment folder and uploaded to a public Vercel URL. Additionally, the local server started by scripts/export-pdf.sh is vulnerable to path traversal, allowing the headless browser to read arbitrary files from the local filesystem.
  • [COMMAND_EXECUTION]: The skill relies on several shell scripts and Python scripts to perform its core functions. It executes npx vercel for deployment, node for PDF generation, and python for PowerPoint extraction. These scripts handle user-provided file paths as arguments without rigorous validation.
  • [REMOTE_CODE_EXECUTION]: The PDF export utility scripts/export-pdf.sh dynamically generates a Node.js script (export-slides.mjs) at runtime and executes it using the node runtime. This script also starts a local HTTP server and uses the Playwright library to automate a headless Chromium browser.
  • [EXTERNAL_DOWNLOADS]: The skill requires and installs several third-party dependencies from public registries, including python-pptx and Pillow via pip, and the vercel CLI and playwright (with Chromium) via npm. These downloads are performed from well-known registries to support the skill's features.
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of PowerPoint (.pptx) files and existing HTML presentations, which represents an indirect injection surface.
      • Ingestion points: PowerPoint files processed by scripts/extract-pptx.py and HTML files read during enhancement or deployment/export phases.
      • Boundary markers: None identified; the skill directly extracts and processes content from these files without isolation.
      • Capability inventory: The skill can execute shell commands, write files to the local system, and perform network deployments.
      • Sanitization: No sanitization or validation of the ingested content is performed before it is used in command arguments or script logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 20, 2026, 04:14 AM