scientific-slides
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The slide generation script
scripts/generate_slide_image.pyis vulnerable to Indirect Prompt Injection. It ingests natural language prompts and image attachments from untrusted sources and passes them to an AI generation process without any sanitization or protective boundary markers.\n - Ingestion points: The
promptCLI argument and--attachimage files inscripts/generate_slide_image.py.\n - Boundary markers: Absent. There are no instructions or delimiters used to separate user input from system instructions.\n
- Capability inventory: File writing (output slide images) and execution of an external AI generation script via
subprocess.run.\n - Sanitization: None. Raw strings and files are passed directly to the execution pipeline.\n- COMMAND_EXECUTION (MEDIUM):
scripts/generate_slide_image.pyperforms dynamic execution of a companion script (generate_slide_image_ai.py) usingsubprocess.run. While it uses a list of arguments to mitigate shell injection, the execution flow depends on the presence and integrity of a file that is not included in the provided source code.\n- PROMPT_INJECTION (MEDIUM):scripts/pdf_to_images.pyprocesses external PDF files, which serves as an indirect injection vector. Malicious content within a PDF could be converted into images and subsequently interpreted by an AI agent as valid instructions, potentially leading to unauthorized actions during the presentation workflow.\n - Ingestion points: User-provided PDF file paths in
scripts/pdf_to_images.py.\n - Capability inventory: Full file system read access for PDFs and write access for image generation.
Recommendations
- AI detected serious security threats
Audit Metadata