Skills
skills/openclaw/skills/pitch-gen/Gen Agent Trust Hub

pitch-gen

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill directly interpolates the user-provided idea argument into the OpenAI prompt in src/index.ts without delimiters or sanitization. A malicious input could attempt to subvert the 'investor-ready' instructions to generate unrelated or harmful content.
  • [INDIRECT_PROMPT_INJECTION] (LOW):
  • Ingestion points: User input via the idea argument in src/cli.ts.
  • Boundary markers: Absent. The input is directly concatenated: Create pitch deck content for: ${idea}.
  • Capability inventory: File system write access via fs.writeFileSync in src/cli.ts and outbound network access to the OpenAI API.
  • Sanitization: Absent. There is no validation or escaping of the input string before it is sent to the LLM.
  • [DATA_EXPOSURE] (LOW): The CLI tool allows users to specify an output file path via the -o or --output flag. If used by an automated agent without path validation, this could be used to overwrite sensitive files on the local system.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 02:20 PM