create-marp-deck
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the latest @marp-team/marp-cli using npx. This is a well-known tool for generating presentations from Markdown.
- [COMMAND_EXECUTION]: Executes shell commands to convert Markdown to HTML and PPTX. It also runs a Python script to post-process editable PowerPoint files.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. * Ingestion points: The skill reads external files or URLs provided by users during the interview phase in SKILL.md. * Boundary markers: No delimiters or ignore-embedded-instruction warnings are used. * Capability inventory: Executes subprocesses via npx and python3 and performs file writes. * Sanitization: No sanitization or filtering is performed on external content.
Audit Metadata