Skills
skills/thatrebeccarae/claude-marketing/pro-deck-builder/Gen Agent Trust Hub

pro-deck-builder

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external content from PowerPoint files and JSON configuration data, creating a surface for indirect prompt injection. (1) Ingestion points: Content is read from 'presentation.pptx' and 'brand-profile.json'. (2) Boundary markers: No delimiters are specified to isolate external data from the agent's instructions. (3) Capability inventory: The agent can execute system commands, write files, and install packages. (4) Sanitization: External data is not validated or escaped before being processed.
  • [COMMAND_EXECUTION]: The skill uses local shell commands such as 'find' and 'fc-list' to discover system fonts and search for logo files in user directories to facilitate document styling.
  • [EXTERNAL_DOWNLOADS]: The skill requires installing standard dependencies like pptxgenjs, react-icons, and markitdown from official package registries.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 06:56 PM