dashiai-ppt
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions and internal scripts (e.g.,
scripts/ensure-registry.mjs) indicate that it installs necessary Node.js dependencies from official registries (npmjs.orgornpmmirror.com) into its local project directory during the initial run. - [COMMAND_EXECUTION]: The skill invokes several local system utilities to perform its core functions. This includes using
ffmpegfor video frame extraction,magickandsipsfor image optimization and downscaling,opensslfor generating local self-signed certificates for its HTTPS preview server, and standard system commands likepsfor internal process tracking and cleanup. It also spawns a background Node.js process to maintain a local preview and export environment. - [SAFE]: The skill implements a robust security model for a local generation tool. It includes a validation layer (
scripts/validate-goal-spec.mjs) that blocks unsafe HTML tags and event handlers in user-supplied content. The local preview server (scripts/serve-preview-https.mjs) uses path-traversal protections and checks theOriginandRefererheaders to ensure requests originate from the local environment. All file operations are scoped to the skill's own output and asset directories.
Audit Metadata