pitch-deck-visuals

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: References an installation script for the infsh CLI hosted on GitHub (inference-sh/skills).
  • [COMMAND_EXECUTION]: Executes shell commands via the infsh CLI and npx to manage platform applications and skill dependencies.
  • [REMOTE_CODE_EXECUTION]: Generates and transmits Python scripts and HTML templates to be executed by remote platform tools for rendering visualizations.
  • [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection where user-supplied slide data is interpolated into executable HTML and Python templates.
      • Ingestion points: User-provided content for pitch slides.
      • Boundary markers: None present in templates.
      • Capability inventory: Remote Python execution (infsh/python-executor), shell command access (via infsh).
      • Sanitization: No input validation or escaping is implemented in the provided examples.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 06:35 PM