slides-polish

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes uvx --from agent-slides to download and execute code from an external package. This dependency is not listed among trusted vendors or well-known services, nor does it follow the author's specified vendor naming patterns.
  • [COMMAND_EXECUTION]: The skill invokes system commands such as find for file discovery and uvx for performing inspections and applying modifications to .pptx files. This enables the execution of code within the context of an unverified external package.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external, untrusted content from PowerPoint decks.
    • Ingestion points: Data is extracted from placeholders, shapes, and notes in output.pptx using the inspect command (File: SKILL.md).
    • Boundary markers: Absent. There are no instructions to the agent to treat slide content as untrusted data or to ignore instructions embedded within it.
    • Capability inventory: The agent can run external packages via uvx and write changes back to the filesystem, providing a path for adversarial content to influence system state (File: SKILL.md).
    • Sanitization: Absent. No validation or filtering is performed on the text extracted from the presentation files before it is processed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 09:02 AM