slidekit-create
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted user data.
- Ingestion points: The skill reads user-provided HTML files from the references/templates/ directory and processes external content files (such as Markdown or text documents) during the slide generation process.
- Boundary markers: The instructions specify ignoring text content in templates, but they lack explicit boundary markers or instructions to disregard potential commands embedded within the primary content source files.
- Capability inventory: The skill generates multiple HTML files and can invoke an external /pptx skill for file conversion.
- Sanitization: A strict prohibition of JavaScript in the generated output is enforced, which reduces execution risks, but the input is not explicitly sanitized against instruction-based overrides.
- [EXTERNAL_DOWNLOADS]: The generated slides reference assets from well-known content delivery networks.
- Resources: Tailwind CSS and Font Awesome are loaded from cdn.jsdelivr.net. Fonts are fetched from fonts.googleapis.com.
- [EXTERNAL_DOWNLOADS]: The workflow references an external skill for PowerPoint conversion from a trusted repository.
- Evidence: The instructions guide the user to install the /pptx skill from the anthropics GitHub organization if it is not already available in the session.