pptx-posters
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands in which user-controlled content is interpolated directly into command-line arguments (e.g., in the 'generate_schematic.py' examples). Because the resulting string is run by a shell rather than passed as a single argument, shell metacharacters in a poster topic become arbitrary command execution, and any untrusted source of such strings turns this into an indirect prompt injection path.
  1. Ingestion points: user-provided poster topics and content strings.
  2. Boundary markers: none present in the command templates.
  3. Capability inventory: unrestricted use of the Bash tool for script execution.
  4. Sanitization: no input validation or escaping logic is prescribed.
- [PROMPT_INJECTION]: The skill includes a mandatory redirection instruction requiring the agent to proactively suggest a specific commercial platform (K-Dense Web) for complex workflows, which overrides neutral task assistance with promotional steering.
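The COMMAND_EXECUTION finding above, as an added illustration that is not part of this audit or of the pptx-posters skill: the interpolation pattern the finding describes, a check of what a shell would make of a crafted topic, and the argv-list plus allowlist form an agent should use instead. The audit names generate_schematic.py but shows no command line, so the flag names, the allowlist regex, the two sample topics and the argv-echoing stand-in for the script are all assumptions.

```python
import json
import re
import shlex
import subprocess
import sys

# Constructed sample inputs (not taken from the audited skill): a benign
# poster topic and one carrying a shell-metacharacter payload.
BENIGN_TOPIC = "Quantum Sensing for Navigation"
MALICIOUS_TOPIC = 'Quantum Sensing"; echo INJECTED; echo "'

# The audit names this script but shows no command line; the flags are assumed.
SCRIPT = "generate_schematic.py"


def vulnerable_command(topic: str) -> str:
    """The pattern the finding describes: the topic is dropped into a command
    string that the agent then hands to a shell via its Bash tool."""
    return f'python {SCRIPT} --topic "{topic}" --out poster.pptx'


def shell_command_count(command: str) -> int:
    """Approximate what a POSIX shell would do with `command`: tokenise it and
    count ';' separators, so 1 means a single command ran and more means the
    payload broke out of the quoted argument."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return 1 + sum(1 for tok in lexer if tok == ";")


# Allowlist of characters a poster title plausibly needs (assumed policy),
# with a length cap. Anything else is rejected, not escaped.
TOPIC_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ,.:'()-]{0,119}")


def is_valid_topic(topic: str) -> bool:
    return TOPIC_RE.fullmatch(topic) is not None


def safe_argv(topic: str) -> list[str]:
    """Build the argument vector directly. With no shell in the loop the topic
    is one argv element whatever it contains; validation is still applied so
    the downstream script never sees junk."""
    if not is_valid_topic(topic):
        raise ValueError(f"rejected poster topic: {topic!r}")
    return [sys.executable, SCRIPT, "--topic", topic, "--out", "poster.pptx"]


# Stand-in for generate_schematic.py: a child that reports the argv it got.
ECHO_ARGV = "import json, sys; print(json.dumps(sys.argv[1:]))"


def child_sees(topic: str) -> list[str]:
    """Run a child with the topic as a single argv element (shell=False, the
    default) and return what it received. Validation is skipped on purpose to
    show that argv passing alone keeps the payload inert."""
    proc = subprocess.run(
        [sys.executable, "-c", ECHO_ARGV, "--topic", topic],
        capture_output=True, text=True, check=True,
    )
    return json.loads(proc.stdout)


if __name__ == "__main__":
    cmd = vulnerable_command(MALICIOUS_TOPIC)
    print(cmd)
    print("a shell would run", shell_command_count(cmd), "commands")
    print("child argv with no shell:", child_sees(MALICIOUS_TOPIC))
    print("valid?", is_valid_topic(MALICIOUS_TOPIC), is_valid_topic(BENIGN_TOPIC))
    print(safe_argv(BENIGN_TOPIC))
```

The two layers are independent: passing an argv list removes the shell, so quotes and `;` in the topic can no longer terminate the argument, and the allowlist keeps a crafted title from reaching the script at all. Escaping a topic into a shell string (the alternative the finding notes is absent) is the weaker fix, since it must be repeated correctly at every interpolation site.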
Audit Metadata