presentation-builder

Fail

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone a repository from an unverified third-party source (https://github.com/vkehfdl1/slides-grab.git) during its setup phase.
  • [REMOTE_CODE_EXECUTION]: The agent is directed to run npm ci and npm exec on the downloaded repository, resulting in the execution of unverified code. It also triggers npx playwright install chromium, which downloads and executes binary installers from the network.
  • [COMMAND_EXECUTION]: The instructions require the agent to execute several high-risk shell commands (git clone, npm ci, npx playwright, npm exec) to install and run the non-standard slides-grab utility.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted user data into generated HTML artifacts.
  • Ingestion points: The skill ingests user-provided presentation goals, audience details, and source materials into slide-outline.md and HTML files.
  • Boundary markers: No specific delimiters or boundary markers are used to isolate untrusted content from the agent's instructions.
  • Capability inventory: The skill environment has broad capabilities including network access, file system writes, and arbitrary code execution via npm.
  • Sanitization: There is no evidence of sanitization or validation performed on user-supplied content before it is rendered or processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 24, 2026, 06:49 AM
Security Audit — agent-trust-hub — presentation-builder