dashiai-ppt

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions and internal scripts (e.g., scripts/ensure-registry.mjs) indicate that it installs necessary Node.js dependencies from official registries (npmjs.org or npmmirror.com) into its local project directory during the initial run.
  • [COMMAND_EXECUTION]: The skill invokes several local system utilities to perform its core functions. This includes using ffmpeg for video frame extraction, magick and sips for image optimization and downscaling, openssl for generating local self-signed certificates for its HTTPS preview server, and standard system commands like ps for internal process tracking and cleanup. It also spawns a background Node.js process to maintain a local preview and export environment.
  • [SAFE]: The skill implements a robust security model for a local generation tool. It includes a validation layer (scripts/validate-goal-spec.mjs) that blocks unsafe HTML tags and event handlers in user-supplied content. The local preview server (scripts/serve-preview-https.mjs) uses path-traversal protections and checks the Origin and Referer headers to ensure requests originate from the local environment. All file operations are scoped to the skill's own output and asset directories.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 08:24 AM
Security Audit — agent-trust-hub — dashiai-ppt