dashi-ppt
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local system utilities including ffmpeg, sips, and magick for media processing, and uses scutil and ps for environment discovery during server startup.
- [COMMAND_EXECUTION]: The workflow involves starting a local HTTP/HTTPS server to host generated decks and uses esbuild to bundle UI components at runtime.
- [EXTERNAL_DOWNLOADS]: Setup and maintenance scripts (ensure-registry.mjs and check_latest_version.mjs) perform network requests to well-known npm registries and version endpoints to configure the environment and check for updates.
- [SAFE]: A path-scrubbing utility (scrub-local-paths.mjs) is integrated into the logging pipeline to remove absolute file system paths, protecting user privacy.
- [SAFE]: The goal specification validator (validate-goal-spec.mjs) implements a strict whitelist for HTML tags and prevents the inclusion of JavaScript event handlers or URIs in user-provided slide content.
- [SAFE]: The local preview and export server includes built-in authentication that verifies the Origin and Referer headers of incoming requests to prevent unauthorized cross-site access.
Audit Metadata