presentation
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard development commands, including
pnpm install,pnpm type-check,pnpm dev, andpnpm build. These are necessary for the skill's stated purpose of scaffolding and verifying a web-based presentation project. - [EXTERNAL_DOWNLOADS]: The generated project templates reference well-known external resources, specifically fonts from Google's font CDN and standard open-source libraries (e.g., React, Mermaid, Tailwind) from the NPM registry. These are common in web development and do not represent a security risk.
- [PROMPT_INJECTION]: The skill operates by ingesting untrusted data from markdown specification files to generate content. This represents a potential surface for indirect prompt injection. However, the risk is minimized by the skill's workflow, which requires the agent to propose a narrative outline for user approval before generating any code, serving as a human-in-the-loop checkpoint.
- Ingestion points: Tech-spec markdown files located in
tech-specs/<slug>/*.md. - Boundary markers: The skill uses a custom parser for YAML frontmatter and the
markedlibrary for markdown content, which treats the input as data to be rendered rather than instructions to be executed. - Capability inventory: The skill can perform file writes within the workspace, install NPM packages, and run local build/development servers.
- Sanitization: Content is processed through standard markdown rendering pipelines, and the workflow is gated by user approval of the proposed outline.
Audit Metadata