presentation-builder
Fail
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone a repository from an unverified third-party source (https://github.com/vkehfdl1/slides-grab.git) during its setup phase.
- [REMOTE_CODE_EXECUTION]: The agent is directed to run
npm ciandnpm execon the downloaded repository, resulting in the execution of unverified code. It also triggersnpx playwright install chromium, which downloads and executes binary installers from the network. - [COMMAND_EXECUTION]: The instructions require the agent to execute several high-risk shell commands (
git clone,npm ci,npx playwright,npm exec) to install and run the non-standardslides-grabutility. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted user data into generated HTML artifacts.
- Ingestion points: The skill ingests user-provided presentation goals, audience details, and source materials into
slide-outline.mdand HTML files. - Boundary markers: No specific delimiters or boundary markers are used to isolate untrusted content from the agent's instructions.
- Capability inventory: The skill environment has broad capabilities including network access, file system writes, and arbitrary code execution via
npm. - Sanitization: There is no evidence of sanitization or validation performed on user-supplied content before it is rendered or processed.
Recommendations
- AI detected serious security threats
Audit Metadata