marp-slide
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWSAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides a surface for processing untrusted data to generate presentation slides.
- Ingestion points: User-provided content for slide titles, bullets, and descriptions.
- Boundary markers: Absent; user content is directly inserted into Markdown templates without specific delimiters to prevent command-like text from being interpreted by the agent or downstream tools.
- Capability inventory: File-write operations to
/mnt/user-data/outputs/(Markdown files only). - Sanitization: None detected; the skill relies on the agent to interpret the input accurately.
- Risk Assessment: Since the output is limited to static document generation and lacks high-privilege execution or exfiltration capabilities, the severity remains low.
- [Data Exposure & Exfiltration] (INFO): Style templates in the
assets/directory use@importto load fonts fromfonts.googleapis.com. These are trusted sources and do not represent a data exfiltration risk. - [Remote Code Execution] (INFO): The
references/advanced-features.mdfile mentions the use of the--allow-local-filesflag for the Marp CLI. While this flag can pose a security risk if the CLI is used to render untrusted/malicious markdown files, it is provided as a reference for the user's external environment and is not executed by the skill's own logic.
Audit Metadata