slidev-monaco-editor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (LOW): The skill provides a {monaco-run} feature which allows for the execution of JavaScript and TypeScript code directly within the Slidev presentation environment. This is a primary intended function of the skill and is constrained by the browser's security sandbox.
  • [External Downloads] (LOW): The setup configuration (setup/monaco.ts) demonstrates fetching type definitions from https://unpkg.com. While unpkg.com is a standard CDN for npm packages, it is not on the trusted source list. The risk is low as the content is fetched as text for type-checking purposes rather than direct execution.
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection if it processes untrusted markdown containing malicious code blocks.
      • Ingestion points: Markdown code blocks with the {monaco-run} tag in the SKILL.md file and presentation files.
      • Boundary markers: Code is delimited by standard markdown triple backticks.
      • Capability inventory: Ability to execute arbitrary JavaScript/TypeScript code via the browser's console context.
      • Sanitization: No specific sanitization is mentioned beyond the standard constraints of the Monaco Editor and the browser environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM