slides-grab

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation logic, defined in the YAML metadata and the scripts/install.sh file, downloads the slides-grab package from the npm registry and installs the Chromium browser using the Playwright framework to enable presentation rendering and export capabilities.
  • [COMMAND_EXECUTION]: Utilizes shell commands to execute the slides-grab CLI for core functionality, including launching a local visual editor, generating images via external providers, and exporting decks to high-fidelity PDF and PNG formats.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) by reading and iterating upon local HTML and CSS slide files (slide-XX.html) which could contain malicious instructions designed to influence the agent's behavior during visual editing. Ingestion points: The agent processes local slide HTML files during the visual edit, validation, and viewer-build workflows. Boundary markers: No delimiters or instructional guards are present to separate user-editable slide content from the agent's operational instructions. Capability inventory: The skill is configured with Bash, Write, and Edit tool permissions, providing significant leverage if an injection is successful. Sanitization: The slides-grab validate command focuses on checking for broken asset links and path compliance but does not sanitize the HTML content for potential prompt-based attacks.
  • [CREDENTIALS_UNSAFE]: The skill explicitly references and utilizes the sensitive local configuration file ~/.codex/auth.json to handle authentication for its default image generation service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:09 AM
Security Audit — agent-trust-hub — slides-grab