slide-creator
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill uses `web_fetch` to retrieve content from user-provided URLs to extract design cues such as tone, vocabulary, and layout density. This represents an attack surface where a malicious website could host instructions designed to influence the agent's behavior during the slide creation process.
  - Ingestion points: Content retrieved via `web_fetch` from external URLs in `SKILL.md`.
  - Boundary markers: Absent; there are no instructions to ignore embedded commands within the fetched content.
  - Capability inventory: Shell execution, file writing (HTML/CSS), and network access.
  - Sanitization: Absent; the fetched text is processed directly to influence the visual style and copy of the generated slides.
- [DYNAMIC_EXECUTION]: The skill generates HTML and CSS files at runtime based on user preferences and then executes a local script (`scripts/export_pdf.py`) that uses a headless browser to render the content. This workflow involves assembling and executing code generated from external inputs.
- [PRIVILEGE_ESCALATION]: The instructions in `SKILL.md` advise the user to run `playwright install-deps chromium`, a command which typically modifies system-level packages and may require administrative privileges.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill fetches the `playwright` and `PyMuPDF` packages from standard registries. It also manages the download of the Chromium browser binary required for the PDF export functionality.
Audit Metadata