Skills
skills/kcchien/skills/felo-content-to-slides/Gen Agent Trust Hub

felo-content-to-slides

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands using both a local script (node src/cli.js) and a global CLI tool (felo). This is the intended method for performing the content-to-slides conversion.
  • [EXTERNAL_DOWNLOADS]: The skill references external dependencies including the felo-ai package via NPM and the Felo-Inc/felo-skills repository via npx. These resources are official components provided by the skill's vendor.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from external URLs and YouTube transcripts to generate presentation content.
  • Ingestion points: External web page content and YouTube video transcripts fetched via the --url and --video parameters (SKILL.md).
  • Boundary markers: Absent; the instructions do not explicitly define delimiters to separate the fetched content from the agent's internal instructions.
  • Capability inventory: The skill executes shell commands and performs network operations to interact with the Felo API to generate slides (SKILL.md).
  • Sanitization: None detected; the skill does not specify any validation or filtering of the content retrieved from remote sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:09 PM