slide-ko-polish

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. Untrusted content from user-provided slide files is interpolated into prompts for external LLM CLIs (Claude, Codex, Gemini) in verify.sh and polish-loop.sh without sanitization.
  • Ingestion points: Slide content is extracted from files provided as arguments to verify.sh and polish-loop.sh.
  • Boundary markers: The content is placed under headers like [슬라이드 텍스트] or [LLM 리뷰 발견 사항], but lacks strict escape sequences.
  • Capability inventory: The polish-loop.sh script specifically invokes the claude CLI with --allowed-tools "Edit Read Grep", granting the LLM the ability to modify local files based on potentially malicious instructions embedded in the slides.
  • Sanitization: None detected. The scripts perform text extraction but do not filter for prompt-altering instructions.
  • [COMMAND_EXECUTION]: The skill relies on shell scripts (verify.sh, polish-loop.sh) that execute system commands and external developer tools.
  • Execution details: polish-loop.sh dynamically detects and executes claude, codex, or gemini CLI tools. It grants these tools permissions to read and edit files in the working directory (--add-dir, exec --cwd).
  • Subprocess usage: Extensive use of grep, sed, perl, and awk to process file content and LLM outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — slide-ko-polish