slide-maker

Warn

Audited by Socket on Jul 9, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
deck-template/src/App.jsx

This file is primarily UI logic and does not directly show overt malicious behavior (no eval/new Function, no direct exfiltration). However, it contains a high-impact supply-chain execution mechanism: when enabled, it dynamically injects and executes `/edit-mode/edit-mode.js` (and `/edit-mode/edit-mode.css`) and then initializes it with a hardcoded localhost bridge. The primary risk is integrity/hosting/control of those dynamically loaded assets; if compromised, arbitrary code execution in the page context is possible. Separately, it exposes window.__DECK globally, expanding the control surface for any co-resident script.

Confidence: 62%Severity: 52%
SecurityMEDIUM
deck-template/scripts/feedback-bridge.mjs

No overt malware (exfiltration, command execution, or code execution primitives) is evident in this module. However, the service is security-sensitive: it is an unauthenticated local HTTP endpoint that accepts untrusted JSON and writes attacker-controlled base64-decoded files to disk using a client-controlled filename via join(dir, screenshotFile) without sanitization. This can enable path traversal/arbitrary file write outside the intended directory (depending on join resolution and attacker inputs). Additional concerns include wildcard CORS and potential DoS/disk-filling through large or numerous uploads, plus disclosure of written paths back to clients.

Confidence: 74%Severity: 78%
Audit Metadata
Analyzed At
Jul 9, 2026, 02:17 PM
Package URL
pkg:socket/skills-sh/bmad-labs%2Fskills%2Fslide-maker%2F@ed02d7f65c8171f014098d3290d54d82d903ae4b7c2b216d07e93f912d87f6e4
Security Audit — socket — slide-maker