slides-grab-design
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of a local CLI utility `slides-grab` to perform various tasks including validation (`validate`), building the viewer (`build-viewer`), launching an editor (`edit`), and generating assets (`image`, `tldraw`). It also utilizes `yt-dlp` (via `fetch-video`) to download external video content for local storage.
- [EXTERNAL_DOWNLOADS]: Fetches styling and functionality assets from jsDelivr, a well-known content delivery network. These include the Pretendard font stack (`cdn.jsdelivr.net/gh/orioncactus/pretendard`), Chart.js for data visualization (`cdn.jsdelivr.net/npm/chart.js`), and Mermaid.js for diagramming (`cdn.jsdelivr.net/npm/mermaid`).
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data.
  - Ingestion points: Reads instructions and content from `slide-outline.md` and fetches metadata/content from external URLs provided via `fetch-video` or web image downloads.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are defined for the parsing of `slide-outline.md`.
  - Capability inventory: The skill can execute shell commands via the `slides-grab` CLI and `yt-dlp`, and it performs file system write operations for HTML and asset files.
  - Sanitization: The provided documentation does not specify sanitization or validation routines for content extracted from external sources before it is interpolated into slide HTML or used in CLI arguments.
- [COMMAND_EXECUTION]: Recommends the use of `mermaid.initialize({ securityLevel: 'loose' })` in `references/design-system-full.md`. While standard for certain Mermaid functionalities, this setting permits broader script execution within diagrams and should be used with caution if diagram source text is derived from untrusted user input.
Audit Metadata