slide-creator

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection, where malicious instructions in source material could hijack the image generation process.
      • Ingestion points: scripts/create_slides.py reads user-provided text through the load_prompts and outline_to_prompts functions.
      • Boundary markers: Absent. The skill uses simple f-strings to build prompts, providing no separation between system instructions and untrusted data.
      • Capability inventory: subprocess.run is used to execute external Python scripts from the nano-banana skill.
      • Sanitization: Absent. No escaping, validation, or filtering is performed on input text before it is passed as a command-line argument.
  • [COMMAND_EXECUTION] (MEDIUM): The script executes local files via subprocess.run using paths constructed from the user's home directory.
      • Evidence: scripts/create_slides.py targets ~/.claude/skills/nano-banana/scripts/generate_image.py using Path.home().
      • Risk: While using an argument list prevents direct shell injection, the skill relies on the presence and security of scripts outside of its own package.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:18 PM