sas-presentation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface (Category 8). It collects untrusted data from users via a multi-phase discovery interview and interpolates this content into HTML placeholders within templates like scaffold-template.html. No instructions are provided for sanitizing or escaping these inputs before they are rendered in a browser context.
  - Ingestion points: Phases 2 and 3 of the discovery interview in SKILL.md, mapping to placeholders in scaffold-template.html.
  - Boundary markers: Absent.
  - Capability inventory: Creating and writing .html and .css files; executing npx decktape via subprocess.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill provides instructions in SKILL.md for exporting presentations to PDF using npx decktape, a command-line tool. This involves executing external software on the host system with parameters derived from file names.
- [EXTERNAL_DOWNLOADS]: The skill's HTML templates reference external assets hosted on well-known Content Delivery Networks, specifically jsdelivr.net, cdnjs.cloudflare.com, and Google Fonts. These references are standard for web-based presentations and originate from well-known services.
Audit Metadata