baoyu-slide-deck
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted user content and transforms it into prompts for image generation.
  - Ingestion points: User-supplied markdown or text (saved to `source.md`) is analyzed and used to construct prompts for each slide.
  - Boundary markers: The skill uses `base-prompt.md` as a template but lacks explicit delimiters or instructions for the LLM to ignore instructions embedded within the user's content.
  - Capability inventory: The skill writes files to the local system, executes TypeScript scripts via a subprocess, and utilizes an image generation tool.
  - Sanitization: No sanitization or validation of the input content is performed before it is interpolated into the prompts.
- [COMMAND_EXECUTION]: The skill executes system commands and local scripts as part of its normal workflow.
  - Evidence: Uses `bash` via `test -f` and `test -d` to check for the presence of configuration and output directories.
  - Evidence: Executes `npx -y bun` to run the `merge-to-pptx.ts` and `merge-to-pdf.ts` scripts located in the skill's directory.
- [EXTERNAL_DOWNLOADS]: The skill uses the `npx` package runner, which may fetch the `bun` runtime or dependencies from the NPM registry if they are not cached locally.
  - Evidence: The use of `npx -y bun` in the final steps of the workflow facilitates the automatic retrieval and execution of tools from a well-known service.
Audit Metadata