presentation-builder

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using the slides-grab CLI tool (e.g., slides-grab build-viewer, slides-grab convert). These operations are used for building, validating, and exporting slide decks.
  • [EXTERNAL_DOWNLOADS]: The skill references an external tool hosted on GitHub at https://github.com/vkehfdl1/slides-grab. While this is a third-party repository, it is the primary engine for the skill's documented functionality.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted user data to generate presentation content.
  • Ingestion points: Data enters the context via user-provided materials such as briefs, documents, and spreadsheets processed in the classification step.
  • Boundary markers: The instructions do not define specific delimiters or warnings to separate processed data from instructions.
  • Capability inventory: The skill is granted Read, Write, and Edit tool permissions and includes instructions for shell command execution via the slides-grab utility.
  • Sanitization: The references/review-and-export-checklist.md includes a safety check to ensure that sensitive data is removed or masked before the final export.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — presentation-builder