Skills
skills/happycapy-ai/happycapy-skills/frontend-slides/Gen Agent Trust Hub

frontend-slides

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external PowerPoint files which may contain untrusted content, creating a surface for indirect prompt injection.
  • Ingestion points: The extract_pptx function in SKILL.md reads text, images, and notes from user-provided PowerPoint files.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard instructions that might be embedded within the extracted slide content during confirmation or generation phases.
  • Capability inventory: The skill has the ability to write HTML files to the disk and use the open command to launch them in a browser, which could be exploited if the agent is influenced by malicious instructions in a processed document.
  • Sanitization: No sanitization or validation of the content extracted from the PowerPoint files is performed before processing.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute a Python script locally to parse documents and uses the open command to display the generated presentation in the user's browser.
  • [EXTERNAL_DOWNLOADS]: Generated presentations are configured to fetch font assets and stylesheets from api.fontshare.com, which is a well-known third-party typography service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 07:18 AM