carousel
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `puppeteer` package from the npm registry during the setup process. This is a legitimate and well-known library used for the skill's core function of rendering HTML slides to PNG images.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage its lifecycle, including `npm install` for setup, `node` to run the rendering logic, and system utilities like `open` and AppleScript to display the finished slides and open the file manager for delivery.
- [PROMPT_INJECTION]: The skill accepts a `topic or description` from the user to generate slide content, creating a vulnerability surface for indirect prompt injection. Malicious instructions within the topic could attempt to override the agent's behavior during the content generation phase.
  - Ingestion points: User-provided topic input passed to the `/carousel` command.
  - Boundary markers: The instructions do not implement specific delimiters or 'ignore' instructions to isolate the user-provided topic from the generation prompt.
  - Capability inventory: The skill has the capability to write to the file system, install npm packages, and execute shell commands.
  - Sanitization: There is no mention of input validation, sanitization, or filtering applied to the user-supplied topic before it is processed by the model.
Audit Metadata