dashiai-ppt
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a version check by fetching a package manifest from a public GitHub repository (
raw.githubusercontent.com). GitHub is a well-known and trusted service for hosting code and metadata, and this operation is standard for update notifications. - [COMMAND_EXECUTION]: The skill executes several local system commands required for its core functionality:
- Invokes
npmto manage local project dependencies within theproject/directory. - Uses
opensslviaexecFileSyncto generate self-signed certificates to enable an HTTPS preview server for the user's browser. - Utilizes
ffmpeg,magick(ImageMagick), andsipsto process, optimize, and generate posters for user-provided images and videos used in the presentation. - Executes
ps,scutil, andwhere/whichto detect the local environment, identify browser paths, and manage background server processes. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network activity is limited to a simple GET request for version metadata from a trusted domain.
- [PROMPT_INJECTION]: The
SKILL.mdinstructions are task-oriented and specify how to manage the PPT generation workflow. They do not contain markers intended to bypass agent safety protocols or override system behavior. - [REMOTE_CODE_EXECUTION]: No patterns of executing untrusted remote code or piping remote scripts directly into a shell were detected.
Audit Metadata