pitch-deck-visuals
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the Bash(infsh *) permission, allowing the AI agent to execute any command using the infsh CLI. This broad scope could be exploited if the agent is manipulated into running unauthorized subcommands or flags beyond those documented.
- [REMOTE_CODE_EXECUTION]: The skill uses infsh app run infsh/python-executor to execute Python code for chart generation and infsh app run infsh/html-to-image for rendering slides. This involves assembling and executing scripts at runtime based on user requirements, which is a medium-risk dynamic execution pattern.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing external dependencies from an unknown source via npx skills add inference-sh/skills@agent-tools. Since inference-sh is not a pre-approved trusted vendor, this constitutes an unverifiable dependency risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data to populate slide templates.
  - Ingestion points: Slide content inputs (titles, metrics, and labels) provided by the user in SKILL.md examples.
  - Boundary markers: None; the skill does not use delimiters or instructions to prevent the agent from obeying commands embedded in user-provided slide data.
  - Capability inventory: The agent has the ability to run arbitrary Python code via infsh/python-executor and HTML via infsh/html-to-image.
  - Sanitization: There is no evidence of input validation or escaping before data is interpolated into the Python or HTML code blocks, potentially allowing an attacker to break out of the script context and execute malicious code on the remote executor.
Audit Metadata