frontend-slides
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python code locally using the
python-pptxlibrary to process user-provided PowerPoint files and uses the systemopencommand to launch generated HTML presentations in the browser. - [EXTERNAL_DOWNLOADS]: The generated presentation templates include links to external font resources from Fontshare, which is a well-known typography service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its workflow for processing untrusted external data.
- Ingestion points: Content is extracted from user-supplied .pptx files and raw text notes during the conversion and content discovery phases.
- Boundary markers: The skill does not implement delimiters or explicit instructions to prevent the agent from interpreting instructions embedded within the ingested content.
- Capability inventory: The skill writes files to the local system, executes Python code, and generates executable HTML/JavaScript content.
- Sanitization: No mechanisms for sanitizing or escaping the extracted text are defined before it is rendered into the final HTML templates.
Audit Metadata