generate-slide

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs its primary function by communicating with the official Google Gemini API (generativelanguage.googleapis.com), which is a trusted and well-known service.
  • [DATA_EXFILTRATION]: The skill transmits project metadata (extracted from files such as README.md and package.json) to the Google Gemini API. This is the intended behavior for generating slide content and does not involve unauthorized data removal.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill reads content from local project files and interpolates it into prompts without sanitization or boundary markers.
      • Ingestion points: Local files including README.md, package.json, Cargo.toml, and pyproject.toml.
      • Boundary markers: Absent; data is directly inserted into prompt strings.
      • Capability inventory: Bash (utilizing curl and jq), Read (for file inspection), and Write (to save generated images).
      • Sanitization: No sanitization or escaping of extracted content is performed before prompt construction.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 05:19 PM