Skills
skills/product-on-purpose/pm-skills/utility-slideshow-creator/Gen Agent Trust Hub

utility-slideshow-creator

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run local Node.js scripts (scripts/generate-deck.js and scripts/export-pdf.mjs) to render slide decks. This is the intended functionality of the skill and follows standard practices for local file generation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted 'content briefs' into a structured JSON specification.
  • Ingestion points: The content brief provided by the user (as referenced in SKILL.md).
  • Boundary markers: Absent; the instructions do not specify any delimiters to separate the user-provided brief from the agent's logic.
  • Capability inventory: Shell execution of Node.js scripts (as referenced in SKILL.md).
  • Sanitization: No documented sanitization or validation logic for the input data or generated JSON fields (such as outputFileName) is provided.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 02:05 AM