creating-slides
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION]: The skill relies on dynamic code execution in multiple contexts: the `run_sdk_snippet` tool is used to execute Python code for data analysis and tool orchestration, and the `create_slide` tool accepts an `analysis_js` parameter which executes arbitrary JavaScript within a browser environment to perform layout quality checks.
- [COMMAND_EXECUTION]: The skill instructs the agent to use `shell_exec` for file management operations, specifically using `mv` for renaming/moving slides and `cp` for copying user-uploaded images into the project directory.
- [EXTERNAL_DOWNLOADS]: The skill fetches assets from well-known services and trusted CDNs, including TailwindCSS (via JIT compilation script), FontAwesome, Google Fonts, and ECharts. These are standard resources for web-based slide creation.
- [PROMPT_INJECTION]: The skill's frontmatter contains a directive that attempts to override the agent's default skill selection behavior by mandating that this specific skill MUST be loaded whenever a specific pattern (`[@slide_project:...]`) is detected in the user's message.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
  - Ingestion points: The skill ingests untrusted data through `web_search`, `read_webpages_as_markdown`, and `image_search` tools.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands in the ingested data.
  - Capability inventory: The agent has access to `run_sdk_snippet` (Python execution), `shell_exec` (file system operations), and `create_slide` (JavaScript execution).
  - Sanitization: No sanitization or validation of the external content is mentioned before it is processed or used in project creation.