slidev
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown reference files and documentation. It does not include any executable scripts, binaries, or active code components.
- [COMMAND_EXECUTION]: Documents the usage of the Slidev CLI (
slidev,slidev build,slidev export) to manage presentation lifecycles. These are standard operational instructions for the documented tool. - [EXTERNAL_DOWNLOADS]: References the installation of dependencies such as Playwright and Iconify collections from official package registries and well-known service repositories.
- [DATA_EXFILTRATION]: Mentions the
--tunnelfeature which utilizes Cloudflare Quick Tunnels to expose a local presentation server for remote access. This is a documented feature of Slidev using a well-known service. - [INDIRECT_PROMPT_INJECTION]: The skill describes features for importing content from external Markdown files and code snippets, which represents a potential injection surface if the imported content originates from an untrusted source.
- Ingestion points: External Markdown files via
srcfrontmatter and code snippets via<<<syntax. - Boundary markers: None explicitly defined in the documented templates to separate imported content from agent instructions.
- Capability inventory: Includes filesystem modification capabilities via the
monaco-writefeature and CLI command execution. - Sanitization: Relies on Slidev's internal Markdown and Vue rendering engines; no additional sanitization logic is provided in the skill instructions.
Audit Metadata