html-ppt-presenter-mode

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation and example commands suggest fetching and installing an external skill from an unverified GitHub repository (https://github.com/lewislulu/html-ppt-skill).
  • [REMOTE_CODE_EXECUTION]: The skill provides a shell command example (npx skills add https://github.com/lewislulu/html-ppt-skill) that, if executed, downloads and runs external code from a source outside the verified provider scope.
  • [COMMAND_EXECUTION]: The documentation includes shell commands for project setup, such as copying files (cp) and opening artifacts (open).
  • [PROMPT_INJECTION]: The skill generates HTML files based on untrusted user input without explicit sanitization or boundary markers.
      • Ingestion points: User-provided presentation topic and script details in SKILL.md.
      • Boundary markers: Absent in the generation instructions.
      • Capability inventory: Creating and writing to local files (index.html, style.css).
      • Sanitization: No sanitization logic is provided in the authoring recipes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 2, 2026, 03:47 AM