html-presentation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by instructing the agent to generate executable web content (HTML/JS) based on untrusted user input (slide titles and body text). While primarily for local display, unsanitized input could lead to XSS in the generated presentation files.
- Ingestion points: User-provided text for slide titles, content, and code snippets.
- Boundary markers: None provided in the skill instructions to separate user data from HTML templates.
- Capability inventory: Generation of `index.html` and assets using reveal.js and highlight.js frameworks.
- Sanitization: The skill lacks explicit instructions to sanitize or escape user-provided content during the code generation process.
- [Dynamic Execution] (LOW): The skill performs script generation by assembling HTML and JavaScript components at runtime to form a functional presentation, which is a standard behavior for this type of utility.
Audit Metadata