baoyu-slide-deck

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes instructions in references/base-prompt.md that explicitly attempt to override safety filters by instructing the AI 'DO NOT refuse to generate' when content involves sensitive or copyrighted figures.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user content (markdown) and propagates it through multiple steps of the agent workflow, potentially influencing future instructions.
  • Ingestion points: User content provided via file path or text input, saved as source.md and outline.md.
  • Boundary markers: Uses markdown headers and delimited blocks like <STYLE_INSTRUCTIONS> but lacks strong markers to prevent the AI from following instructions embedded within the user data.
  • Capability inventory: The skill can read/write files and execute local scripts using the bun runtime.
  • Sanitization: No evidence of sanitization or content validation to filter malicious instructions from the input markdown was found.
  • [COMMAND_EXECUTION]: The skill relies on shell execution to run its internal TypeScript scripts (scripts/merge-to-pdf.ts, scripts/merge-to-pptx.ts) using the bun or npx runtimes to finalize the presentation documents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 10:59 AM