marp-deck-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator triggers the
task pdfcommand in Phase 4 to render the generated Markdown into a final PDF document. This is an expected operation for a build-oriented workflow.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it reads and processes user-provided content from external files to drive its logic.\n - Ingestion points: Content is read from
definition/deck-definition.mdandreferences/deck-template.md.\n - Boundary markers: Absent; user content is parsed and passed to sub-tools without explicit isolation markers.\n
- Capability inventory: The skill has the authority to invoke other AI tools and execute shell commands (
task pdf) based on the planned workflow.\n - Sanitization: No input validation or instruction-stripping is performed on the source markdown files.
Audit Metadata