dashi-ppt

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local system utilities including ffmpeg, sips, and magick for media processing, and uses scutil and ps for environment discovery during server startup.
  • [COMMAND_EXECUTION]: The workflow involves starting a local HTTP/HTTPS server to host generated decks and uses esbuild to bundle UI components at runtime.
  • [EXTERNAL_DOWNLOADS]: Setup and maintenance scripts (ensure-registry.mjs and check_latest_version.mjs) perform network requests to well-known npm registries and version endpoints to configure the environment and check for updates.
  • [SAFE]: A path-scrubbing utility (scrub-local-paths.mjs) is integrated into the logging pipeline to remove absolute file system paths, protecting user privacy.
  • [SAFE]: The goal specification validator (validate-goal-spec.mjs) implements a strict whitelist for HTML tags and prevents the inclusion of JavaScript event handlers or URIs in user-provided slide content.
  • [SAFE]: The local preview and export server includes built-in authentication that verifies the Origin and Referer headers of incoming requests to prevent unauthorized cross-site access.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 11:35 AM
Security Audit — agent-trust-hub — dashi-ppt