skills/marcioaltoe/skills/pitch-gen/Gen Agent Trust Hub

pitch-gen

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-supplied startup ideas directly into the LLM prompt without using delimiters or safety instructions to prevent the model from obeying instructions hidden within the data.
      • Ingestion points: The <idea> argument in src/cli.ts, which is passed to the generatePitch function.
      • Boundary markers: Absent. The user input is directly concatenated into the prompt string in src/index.ts (Create pitch deck content for: ${idea}).
      • Capability inventory: The skill has file system write capabilities via fs.writeFileSync in src/cli.ts.
      • Sanitization: None. The input string is used as-provided without escaping or validation.
  • [COMMAND_EXECUTION]: The skill performs file system operations by writing AI-generated content to a local path specified by the user via the --output flag. While this is the intended functionality of the tool, a successful prompt injection could cause malicious content to be generated and then saved to the user's workspace.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 21, 2026, 06:50 PM