marp-authoring
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The
scripts/init_presentation.pyscript possesses an attack surface for indirect prompt injection by interpolating user-controlled data into generated Markdown files. \n - Ingestion points: The
titleandauthorcommand-line arguments inscripts/init_presentation.pyare used to fill placeholders in templates. \n - Boundary markers: Absent; the script perform simple string replacement without delimiters or warnings to the renderer. \n
- Capability inventory: The script has file-write capabilities via
Path.write_text. \n - Sanitization: Absent; user-provided strings are not escaped or validated before being written to the output file.\n- SAFE (SAFE): No instances of obfuscation, hardcoded credentials, or malicious network activity were detected. The core functionality is focused on documentation and local file templating. The
scripts/validate_marpit.shscript is a benign syntax checker.
Audit Metadata