slide-creator
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of playwright and PyMuPDF via pip. These are legitimate dependencies used for browser automation and PDF processing.
- [COMMAND_EXECUTION]: The skill executes a local Python script (export_pdf.py) and utilizes shell commands like base64 to process and embed brand assets into the generated HTML.
- [PROMPT_INJECTION]: The skill uses web_fetch to process external URLs for visual style extraction, creating a surface for indirect prompt injection.
  - Ingestion points: External content enters the agent context through web_fetch results and user-provided images in the Art Direction workflow.
  - Boundary markers: The skill instructions include an 'Extraction Protocol' that explicitly tells the agent to ignore branding/names and focus solely on design tokens.
  - Capability inventory: The skill can write files, execute shell commands, and run a headless browser via Playwright.
  - Sanitization: The skill relies on the agent's ability to follow instructions to filter out non-design content, as no programmatic sanitization of the fetched data is implemented.
Audit Metadata