slides-build
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided briefs and external project artifacts to generate the final slide deck structure.
  - Ingestion points: User-provided topic briefs and intent (Step 1) and external JSON artifacts like `resolved_manifest.json` (Step 2).
  - Boundary markers: The instructions do not define clear delimiters or use safety instructions to isolate ingested content from the slide-generation logic.
  - Capability inventory: The skill executes the `agent-slides` tool via `uvx`, reads multiple local project files, and writes JSON and PPTX files to the project directory.
  - Sanitization: No sanitization, validation, or escaping of the ingested data is described before the content is interpolated into slide operations.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes an external package at runtime using the `uv` package manager.
  - Evidence: The process relies on `uvx --from agent-slides` to access slide rendering and QA functionality. This tool is recognized as a vendor-specific resource for the author 'mpuig'.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to perform preflight checks, rendering, and quality assurance.
  - Evidence: Calls to `slides preflight`, `slides render`, and `slides qa` are issued via `uvx` throughout the project lifecycle.
Audit Metadata