slide-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection and path traversal attacks because it allows user-provided data to define file paths and content in script executions.
  - Ingestion points: Filenames (e.g., 'my-deck.md'), slide titles, and author names supplied by the user are used as arguments for the init_presentation.py script in SKILL.md.
  - Boundary markers: Absent; there are no instructions to the agent to treat these inputs as untrusted or to validate their structure.
  - Capability inventory: The skill has file modification capabilities and command execution privileges via uv run.
  - Sanitization: No sanitization or validation logic is mentioned, creating a risk for arbitrary file writes if paths are not restricted.
- [COMMAND_EXECUTION] (INFO): The skill uses uv run to invoke internal scripts (init_presentation.py, check_contrast.py) for workflow automation. While standard for skills, the lack of input validation on the arguments passed to these commands elevates the risk level.
Recommendations
- AI detected serious security threats
Audit Metadata