youmind-slides-generator
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the installation and execution of the @youmind-ai/cli package and uses node -e for processing JSON results. These are standard operations for the skill's intended purpose.
- [EXTERNAL_DOWNLOADS]: The skill fetches data and installs a CLI tool from the vendor's official domain (youmind.com) and package registry. These are expected vendor resources.
- [DATA_EXFILTRATION]: The skill requests access to a user-provided YOUMIND_API_KEY to authenticate with the vendor's service. It correctly instructs the user to configure this in their local environment rather than pasting it into the chat history.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection or schema confusion because user-provided topics and outlines are interpolated directly into shell command arguments and JSON payloads in Step 3 of the workflow without explicit instructions for the agent to sanitize or escape special characters (such as quotes or shell metacharacters).
  - Ingestion points: User-provided topic, outline, or key points in SKILL.md (Step 3).
  - Boundary markers: The input is wrapped in a JSON string within a single-quoted shell command, but no escaping logic is defined.
  - Capability inventory: Execution of Bash commands, NPM installation, and Node.js scripts.
  - Sanitization: No sanitization or validation of the user-provided content is performed before interpolation.
Audit Metadata