
slidespeak

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH

Categories: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface by processing untrusted external content while possessing extensive system capabilities.
      • Ingestion points: Untrusted data is ingested from files via `node scripts/slidespeak.mjs upload` and from text via the `generate` command.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
      • Capability inventory: The skill is granted Bash, Read, and Write permissions, providing a powerful execution environment for injected instructions.
      • Sanitization: No evidence of content filtering or sanitization of ingested documents exists.
  • [Data Exposure & Exfiltration] (HIGH): The skill provides a mechanism to transmit local file content to an external server (api.slidespeak.co).
      • Evidence: The `upload` command takes an arbitrary local path and sends the file to the SlideSpeak API. This capability can be exploited to exfiltrate sensitive files such as ~/.aws/credentials or private keys if the agent is manipulated through prompt injection.
  • [Command Execution] (LOW): The skill relies on executing a local Node.js script (scripts/slidespeak.mjs) to interact with the API. This is a standard integration pattern, but the underlying script must be audited for secure handling of input parameters to prevent shell injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 13, 2026, 02:12 PM