perfect-presentation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection (Category 8) due to the mandatory research phase.
- Ingestion points: Data enters the context during 'Phase 1 — Deep Research' where the agent is instructed to gather facts, stats, and case studies from external sources.
- Boundary markers: There are no markers or instructions to treat researched content as untrusted data.
- Capability inventory: The skill executes shell commands, installs packages, and runs a dynamically generated script (
node presentation.js) in Phase 9. - Sanitization: No sanitization is performed on the gathered research data before it is interpolated into the JavaScript code that generates the presentation.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to facilitate its workflow, including installing dependencies, running the generated presentation script, and performing quality assurance checks using Python modules and system utilities.
- [EXTERNAL_DOWNLOADS]: The skill triggers the installation of several Node.js packages (
pptxgenjs,react,react-dom,react-icons,sharp) from the public npm registry to enable presentation generation and image processing.
Audit Metadata