excalidraw-slides
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructs the agent in `SKILL.md` to generate unique file identifiers by executing the system command `openssl rand -hex 16`. While the purpose is benign (random string generation), it encourages the use of shell/command execution tools on the host environment.
- PROMPT_INJECTION (LOW): The skill's architecture is susceptible to indirect prompt injection because user-provided content drives a multi-stage automated process.
  - Ingestion points: User-provided topics and narratives are ingested into the `slides_list.md` file, which serves as the primary instruction source for subsequent automated steps.
  - Boundary markers: Absent. The agent interpolates untrusted user content directly into the markdown checklist without delimiters or instructions to sub-agents to ignore embedded commands.
  - Capability inventory: The skill has the ability to create directories, write files (.md, .excalidraw.md, .svg), execute shell commands, and invoke sub-agents via the `Task` tool.
  - Sanitization: Absent. There is no evidence of input validation, escaping, or filtering for user-provided strings before they are written to the outline and processed by the sub-agent.
Audit Metadata