slides-grab
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation logic, defined in the YAML metadata and the
scripts/install.shfile, downloads theslides-grabpackage from the npm registry and installs the Chromium browser using the Playwright framework to enable presentation rendering and export capabilities. - [COMMAND_EXECUTION]: Utilizes shell commands to execute the
slides-grabCLI for core functionality, including launching a local visual editor, generating images via external providers, and exporting decks to high-fidelity PDF and PNG formats. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) by reading and iterating upon local HTML and CSS slide files (
slide-XX.html) which could contain malicious instructions designed to influence the agent's behavior during visual editing. Ingestion points: The agent processes local slide HTML files during the visual edit, validation, and viewer-build workflows. Boundary markers: No delimiters or instructional guards are present to separate user-editable slide content from the agent's operational instructions. Capability inventory: The skill is configured withBash,Write, andEdittool permissions, providing significant leverage if an injection is successful. Sanitization: Theslides-grab validatecommand focuses on checking for broken asset links and path compliance but does not sanitize the HTML content for potential prompt-based attacks. - [CREDENTIALS_UNSAFE]: The skill explicitly references and utilizes the sensitive local configuration file
~/.codex/auth.jsonto handle authentication for its default image generation service.
Audit Metadata