baoyu-slide-deck
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted content from markdown files to generate outlines and prompts for image generation. It lacks explicit sanitization or boundary markers to prevent embedded instructions in the source text from overriding the agent's behavior during the outline or prompt generation phases.
- Ingestion points:
SKILL.mdWorkflow Step 1 and 2 read external content fromsource.mdor user-pasted text. - Boundary markers: None present in the outline templates or prompt generation logic.
- Capability inventory: File system access, local script execution via
bun, and image generation tool calls. - Sanitization: No sanitization or escaping of user-provided content is performed before interpolation into prompts.
- Command Execution (LOW): The skill uses the agent to execute local TypeScript scripts via
npxandbun. While these scripts are part of the skill's own package, the capability to execute commands based on generated file paths (slugs) poses a minor risk if path validation is not strictly enforced by the agent. (Evidence:SKILL.mdWorkflow Step 6;scripts/merge-to-pptx.ts,scripts/merge-to-pdf.ts). - External Downloads (LOW): The scripts rely on external Node.js libraries (
pdf-libandpptxgenjs) which may be downloaded or updated at runtime when usingnpx. These are standard libraries for these tasks but represent unverifiable dependencies at the time of execution. (Evidence:scripts/merge-to-pdf.ts,scripts/merge-to-pptx.ts).
Audit Metadata