slide-maker
Fail
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
feedback-bridge.mjsscript starts a local HTTP server that accepts feedback data via POST requests. It uses thescreenshotFileproperty from the received JSON payload directly inpath.join()without sanitization. This enables a path traversal attack where a malicious request (potentially from an external website targeting the local port) could cause the script to overwrite arbitrary files on the user's host machine. - [COMMAND_EXECUTION]: The
receive-feedback.mjsscript exhibits similar path traversal vulnerabilities. It uses unsanitized input from the feedback JSON to construct file paths for moving and copying files, potentially allowing arbitrary file writes outside the intended directory. - [EXTERNAL_DOWNLOADS]: The skill's instructions in
SKILL.mddirect the AI agent to clone a third-party repository (https://github.com/nextlevelbuilder/ui-ux-pro-max-skill) to resolve design system suggestions. This repository is not from a recognized trusted organization. While the skill correctly includes a safeguard requiring explicit user consent before the fetch, the reliance on an external, untrusted source for functional instructions remains a security concern. - [REMOTE_CODE_EXECUTION]: The skill's architecture involves downloading and potentially invoking instructions or capabilities from an external repository (
nextlevelbuilder/ui-ux-pro-max-skill), which constitutes a remote code execution surface. - [COMMAND_EXECUTION]: Multiple scripts within the
deck-template/scripts/directory usechild_process.spawnorchild_process.execFileSyncto execute system commands such assoffice(LibreOffice),pdftoppm,npm, andnode. While these are for the skill's primary purpose of document generation and conversion, they significantly increase the skill's overall attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata