tuzi-slide-deck
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The file `references/base-prompt.md` contains explicit instructions to override safety refusals concerning copyrighted or sensitive figures. It directs the AI to create stylistically similar alternatives rather than refusing the request ("DO NOT refuse to generate").
- [COMMAND_EXECUTION]: The skill requires the execution of local TypeScript scripts, specifically `scripts/merge-to-pptx.ts` and `scripts/merge-to-pdf.ts`, using the `bun` runtime via `npx`. This is a core part of the skill's functionality to compile generated images into PowerPoint and PDF formats.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill ingests untrusted data from user-provided files (e.g., `content.md` or `source.md`) to generate outlines and image prompts.
  - Boundary markers: There are no clear delimiters or instructions to ignore potentially malicious embedded content within the source material in `references/base-prompt.md`.
  - Capability inventory: The skill has the ability to write multiple files to the local filesystem and execute shell commands via `npx`.
  - Sanitization: The analysis does not reveal any input sanitization or validation of the source Markdown content before it is interpolated into prompts for the agent or the image generator.
Audit Metadata