Geek-skills-deck-studio
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill generates JavaScript files (e.g.,
slide-XX.js) based on user content and then executes them using Node.js to programmatically build the final PPTX file via the PptxGenJS library. - Evidence: Described in
references/v2-pipeline/pptx-generation.mdandreferences/v2-pipeline/v2-skill-archive.md. - [COMMAND_EXECUTION]: The agent's coordination logic involves generating and running shell scripts to launch research sub-agents, manage workspace files, and handle data redirection. This is a powerful capability that allows the agent to execute arbitrary CLI commands in its environment.
- Evidence: Found in
references/v2-pipeline/v2-skill-archive.mdandreferences/v2-pipeline/subagent-prompt.md. - [EXTERNAL_DOWNLOADS]: The skill relies on external software packages including
pptxgenjsfrom the NPM registry andmarkitdownfrom the official Python Package Index (PyPI) to perform its core functions of presentation building and document processing. - Evidence: Mentioned as dependencies in
references/v2-pipeline/v2-skill-archive.md. - [PROMPT_INJECTION]: There is an indirect prompt injection attack surface because the agent fetches and processes content from external websites during its research phase. The skill does not define strict sanitization or specific isolation markers to prevent untrusted data from potentially influencing the agent's logic during the slide generation process.
- Ingestion points:
references/v2-pipeline/subagent-prompt.md(viaweb_searchandweb_fetchtools). - Boundary markers: Lacks explicit boundary enforcement for external data.
- Capability inventory: Documented ability to generate/execute Node.js and shell scripts.
- Sanitization: No explicit validation or filtering logic provided for fetched content.
Audit Metadata