dashi-ppt

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local utilities to support presentation generation and management:
  • project/scripts/stage-media.mjs uses ffmpeg, sips, and magick for image/video processing.
  • project/scripts/chrome-path.mjs and project/scripts/openssl-path.mjs use system commands (where/which) to locate required binaries.
  • project/scripts/start-preview-server.mjs and project/scripts/serve-preview-https.mjs manage a local background service for deck previewing.
  • [EXTERNAL_DOWNLOADS]: The skill includes a connectivity check script (project/scripts/ensure-registry.mjs) that attempts to reach the official NPM registry and a well-known mirror (registry.npmmirror.com) to ensure a working installation environment.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md specify running a version check script (node scripts/check_latest_version.mjs) at the end of user requests to keep the tool updated. This is a common maintenance task.
  • [SAFE]: The local preview server uses an origin-based authentication mechanism (project/scripts/preview/export-routes.mjs) to restrict access to sensitive API endpoints like saving the deck state or exporting PPTX files to trusted origins only. Path resolving logic is implemented with boundary checks to prevent directory traversal.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 09:59 AM
Security Audit — agent-trust-hub — dashi-ppt