marp-slide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill is a legitimate tool for presentation generation. Analysis of the scripts, templates, and documentation found no evidence of malicious code, obfuscation, or persistence mechanisms.
- External Downloads (LOW): Several CSS templates and assets (e.g.,
assets/template-basic.md) use@importto load typography fromfonts.googleapis.com. As Google is a trusted organization and these are standard web assets, this is considered a low-risk reference. - Indirect Prompt Injection (LOW): The skill functions by ingesting user-provided text to populate Markdown templates. This creates an attack surface where malicious input could contain Marp directives. However, this risk is inherent to the slide-creation use case and the skill does not grant additional system capabilities that would elevate this risk beyond local file creation.
- Ingestion points: User-provided content for slide titles and body text.
- Boundary markers: None (Markdown structure only).
- Capability inventory: File-write access to
/mnt/user-data/outputs/. - Sanitization: None detected.
Audit Metadata