nopoint-bring-your-deck
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone an external repository from a source that is not listed as a trusted vendor (
https://github.com/mewc/nopoint.git). This introduces a supply chain risk by downloading code from an unverified third party. - [COMMAND_EXECUTION]: Following the clone, the skill executes
bun installornpm install, which runs arbitrary lifecycle scripts and downloads packages from the unverified repository. It also starts a development server usingbun dev. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from user-provided files (PDF, PPTX, Keynote, and screenshots) to generate React components.
- Ingestion points: User-provided pitch deck files in Step 2a.
- Boundary markers: None identified; instructions do not include delimiters or warnings to ignore embedded instructions in the source material.
- Capability inventory: The skill performs shell commands (
git clone,bun install,cp,bun dev) and writes new React files to the filesystem. - Sanitization: None; the agent is directed to read the content of the files directly and translate them into executable code.
- [SAFE_PRACTICE]: The skill correctly instructs the user to manage sensitive credentials like
STRIPE_KEYorCHARTCASTR_API_KEYusing a.env.localfile, which is a standard and safe practice for local development.
Audit Metadata