nopoint-bring-your-deck

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone an external repository from a source that is not listed as a trusted vendor (https://github.com/mewc/nopoint.git). This introduces a supply chain risk by downloading code from an unverified third party.
  • [COMMAND_EXECUTION]: Following the clone, the skill executes bun install or npm install, which runs arbitrary lifecycle scripts and downloads packages from the unverified repository. It also starts a development server using bun dev.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from user-provided files (PDF, PPTX, Keynote, and screenshots) to generate React components.
  • Ingestion points: User-provided pitch deck files in Step 2a.
  • Boundary markers: None identified; instructions do not include delimiters or warnings to ignore embedded instructions in the source material.
  • Capability inventory: The skill performs shell commands (git clone, bun install, cp, bun dev) and writes new React files to the filesystem.
  • Sanitization: None; the agent is directed to read the content of the files directly and translate them into executable code.
  • [SAFE_PRACTICE]: The skill correctly instructs the user to manage sensitive credentials like STRIPE_KEY or CHARTCASTR_API_KEY using a .env.local file, which is a standard and safe practice for local development.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 11, 2026, 09:14 PM