Pitch Deck Reviewer
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill promotes the installation of an unverified external tool 'afrexai-proposal-gen' using a non-standard command 'clawhub install'.
  - Evidence: Found in the 'Related Tools' section of SKILL.md.
  - Risk: The source (afrexai-cto.github.io) is not a trusted provider. Installing unvetted packages can lead to arbitrary code execution or environment compromise.
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8) due to the processing of attacker-controllable data.
  - Ingestion points: Processes external pitch deck content (text, slides, or descriptions) as defined in SKILL.md.
  - Boundary markers: Absent. The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the input data.
  - Capability inventory: Limited to reasoning, scoring, and text generation. No direct file-write or network-send capabilities are present in this specific skill file.
  - Sanitization: Absent. There is no logic to filter or escape instructions potentially hidden within the pitch deck content.
  - Risk: An adversary could embed instructions within a pitch deck to manipulate the agent's analysis or bypass intended logic.
Audit Metadata