open-design-landing-deck
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The `scripts/compose.ts` script interpolates content from `inputs.json` directly into the generated HTML without sanitization. The `schema.ts` documentation explicitly mentions that certain fields can include raw HTML. This creates an attack surface where malicious instructions or scripts embedded in processed data could be executed if the agent is directed to process untrusted external content.
  - Ingestion points: `inputs.json` (read by `scripts/compose.ts`).
  - Boundary markers: Absent. No explicit instructions are provided to the agent or the script to ignore or escape embedded instructions in the slide content.
  - Capability inventory: `file-write` (writing the output HTML file via `node:fs/promises`).
  - Sanitization: Absent; the `mixed` helper and various `render` functions in `scripts/compose.ts` interpolate content directly into HTML strings without escaping.
- [EXTERNAL_DOWNLOADS]: Fetches typography assets from Google Fonts. The generated HTML and the `scripts/compose.ts` renderer reference `fonts.googleapis.com` and `fonts.gstatic.com` to load the "Inter Tight", "Playfair Display", and "JetBrains Mono" font families.
Audit Metadata