brand-pptx-template
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a dangerous injection surface by ingesting untrusted data from arbitrary website URLs provided by users via the `references/brand-extraction.js` script. This data is then used to drive file generation in `scripts/scaffold_deck.js` and passed to the `potxkit` tool. There are no boundary markers or sanitization processes described to prevent malicious instructions embedded in the scraped websites from being obeyed by the agent.
- Unverifiable Dependencies (MEDIUM): The skill relies on the `pptxgenjs` library and references an unverified third-party tool named `potxkit` (accessed via CLI or MCP), which is not within the trusted external source scope.
- Command Execution (LOW): The workflow requires the agent or user to execute local Node.js scripts (`scripts/scaffold_deck.js`) to generate outputs, which is an expected but notable local execution surface.
Recommendations
- AI detected serious security threats
Audit Metadata