2slides-ppt-generator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
scripts/*.py) to interact with the 2slides API for creating presentations, searching themes, and adding narration. This is the primary method of operation for the skill. - [EXTERNAL_DOWNLOADS]: The
download_slides_pages_voices.pyandgenerate_slides.pyscripts fetch generated presentation files (PDFs) and archives (ZIP) from the official2slides.comdomain. These downloads are legitimate assets produced by the service. - [DATA_EXFILTRATION]: User-provided text content and document data are transmitted to the external 2slides API for processing. This data transfer is documented as the core functionality required for slide generation.
- [PROMPT_INJECTION]: The skill processes external user content and documents, creating a surface for indirect prompt injection.
- Ingestion points: Content enters through the
--contentargument in generation scripts (scripts/generate_slides.py,scripts/create_pdf_slides.py). - Boundary markers: The scripts do not implement specific delimiters or 'ignore' instructions for the interpolated content.
- Capability inventory: The skill can execute local scripts and perform network operations to the vendor's API.
- Sanitization: No local sanitization is performed on the input data before it is sent to the 2slides API.
Audit Metadata