octocode-slides
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README.md file provides instructions to install the
uvtool fromastral.shusing a piped shell execution pattern (curl | sh). Astral is a well-known technology provider, and this is an established installation method for their software. - [COMMAND_EXECUTION]: Installation instructions for Windows users include a command to bypass the PowerShell execution policy to execute the
uvinstaller script. This is a common setup procedure for third-party developer tools. - [PROMPT_INJECTION]: Because the skill is designed to ingest and process untrusted data from local codebases or external repositories to generate slides, it has an inherent surface for indirect prompt injection. The skill provides clear instructions to the agent to avoid fabricating content and includes a multi-phase flow that requires user validation of the narrative and design before implementation.
Audit Metadata