slidekit-create
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches visual assets and libraries, including Tailwind CSS, Font Awesome, and Chart.js, from trusted content delivery networks such as JSDelivr and Google Fonts.
- [SAFE]: References an official repository from a well-known organization for the optional installation of a PowerPoint conversion skill.
- [PROMPT_INJECTION]: The skill processes user-provided HTML templates and content files, which constitutes a surface for indirect prompt injection.
- Ingestion points: Reads HTML files from the references/templates/ directory and user-specified content source files (Markdown, Text, etc.).
- Boundary markers: Does not utilize explicit delimiters to isolate untrusted data within the system instructions.
- Capability inventory: Performs file writes to the local filesystem (Phase 4 in SKILL.md) and invokes the /pptx tool via the Skill tool (Phase 7 in SKILL.md).
- Sanitization: Implements logic to extract only visual styling and layout patterns from templates while ignoring text content.
Audit Metadata