slide-builder
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell scripts (
init.sh,export.sh) to automate project setup and exporting. It utilizespnpmandnpxto build presentations and run CLI-based exports, which are standard operations for development-oriented skills. - [EXTERNAL_DOWNLOADS]: During initialization and export, the skill downloads the Slidev CLI, various community and official themes, and the Chromium browser from the official NPM registry and Microsoft sources. These downloads target well-known and trusted infrastructure.
- [DATA_EXFILTRATION]: Reference documentation for the underlying Slidev tool highlights a built-in remote tunnel feature (
--tunnel). While intended for sharing presentations, it represents a potential exposure surface for the local workspace if used improperly. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied text to generate
slides.md(Ingestion). It relies on Markdown separators (Boundaries) and lacks explicit input validation (Sanitization). However, given its primary purpose is code generation for presentations, its capabilities like shell execution (Capabilities) are expected and consistent with its role.
Audit Metadata