marp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill installs the
@marp-team/marp-clipackage via npm to enable presentation generation functionality. - Evidence:
npm install -g @marp-team/marp-clifound in README.md. - Context: This is the primary dependency required for the skill's purpose. Although the Marp team is a recognized entity, they are not on the predefined list of trusted organizations, and the dependency is unversioned.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process external Markdown files (
slides.md) which could contain malicious instructions or unexpected formatting. - Ingestion points:
slides.mdfile input. - Boundary markers: None mentioned in the documentation.
- Capability inventory: Execution of shell commands (
marp) to generate PDF, HTML, and PPTX outputs. - Sanitization: None specified; behavior relies on the Marp CLI's internal parsing logic.
Audit Metadata