baoyu-slide-deck

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill performs its stated function using standard file operations and a multi-step user confirmation flow.
  • [PROMPT_INJECTION]: The skill processes untrusted user markdown to generate image prompts, which is an indirect prompt injection surface.
    • Ingestion points: Content is read from source files as described in SKILL.md.
    • Boundary markers: The base-prompt.md uses markdown headers to separate style and content.
    • Capability inventory: The skill can read/write files and execute scripts.
    • Sanitization: No sanitization is performed on user content.
  • [COMMAND_EXECUTION]: Local TypeScript scripts are used to merge images into PDF and PPTX files. The scripts scripts/merge-to-pdf.ts and scripts/merge-to-pptx.ts are executed via bun and perform only local file operations.
  • [EXTERNAL_DOWNLOADS]: The skill uses pdf-lib and pptxgenjs libraries. These are standard, well-known Node.js packages used for document generation and are considered safe resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:06 AM