ckm-slides

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the Chart.js library from the official jsDelivr CDN and references stock imagery from Pexels within the HTML template documentation.
  • [COMMAND_EXECUTION]: Multiple reference files (copywriting-formulas.md, layout-patterns.md, slide-strategies.md) contain example shell commands instructing users to run a Python script (search-slides.py) located in an external directory (.claude/skills/design-system/scripts/) that is not part of this skill package.
  • [PROMPT_INJECTION]: The file skill-report.json contains a self-referential security audit (Category 8e) that claims the skill is safe and dismisses potential security warnings as false positives.
      • Ingestion points: The skill-report.json metadata file is included in the skill's context.
      • Boundary markers: No delimiters or isolation markers are present for this metadata content.
      • Capability inventory: The skill possesses no direct subprocess or dynamic execution capabilities in the provided source files, although the documentation suggests external script execution.
      • Sanitization: No sanitization or verification logic is implemented for the metadata or the external script references.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 29, 2026, 08:03 AM