slide-creator

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of playwright and PyMuPDF via pip. These are legitimate dependencies used for browser automation and PDF processing.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (export_pdf.py) and utilizes shell commands like base64 to process and embed brand assets into the generated HTML.
  • [PROMPT_INJECTION]: The skill uses web_fetch to process external URLs for visual style extraction, creating a surface for indirect prompt injection.
  • Ingestion points: External content enters the agent context through web_fetch results and user-provided images in the Art Direction workflow.
  • Boundary markers: The skill instructions include an 'Extraction Protocol' that explicitly tells the agent to ignore branding/names and focus solely on design tokens.
  • Capability inventory: The skill can write files, execute shell commands, and run a headless browser via Playwright.
  • Sanitization: The skill relies on the agent's ability to follow instructions to filter out non-design content, as no programmatic sanitization of the fetched data is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 02:30 PM
Security Audit — agent-trust-hub — slide-creator