baoyu-slide-deck
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
bunruntime to execute local TypeScript scripts (merge-to-pdf.tsandmerge-to-pptx.ts) for combining generated images into PDF and PPTX files. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted user data to generate prompts. Ingestion points: User-provided content processed during the analysis phase. Boundary markers: Employs template headers but lacks explicit instructions to ignore commands within the source text. Capability inventory: Capable of calling image generation skills and executing local file-merging scripts. Sanitization: No explicit validation or filtering of input text before it is used in prompt generation.
Audit Metadata