dashiai-ppt

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs a version check by fetching a package manifest from a public GitHub repository (raw.githubusercontent.com). GitHub is a well-known and trusted service for hosting code and metadata, and this operation is standard for update notifications.
  • [COMMAND_EXECUTION]: The skill executes several local system commands required for its core functionality:
  • Invokes npm to manage local project dependencies within the project/ directory.
  • Uses openssl via execFileSync to generate self-signed certificates to enable an HTTPS preview server for the user's browser.
  • Utilizes ffmpeg, magick (ImageMagick), and sips to process, optimize, and generate posters for user-provided images and videos used in the presentation.
  • Executes ps, scutil, and where/which to detect the local environment, identify browser paths, and manage background server processes.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network activity is limited to a simple GET request for version metadata from a trusted domain.
  • [PROMPT_INJECTION]: The SKILL.md instructions are task-oriented and specify how to manage the PPT generation workflow. They do not contain markers intended to bypass agent safety protocols or override system behavior.
  • [REMOTE_CODE_EXECUTION]: No patterns of executing untrusted remote code or piping remote scripts directly into a shell were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:08 AM
Security Audit — agent-trust-hub — dashiai-ppt