oma-slide
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Executes the
oma slideCLI for deterministic operations including workspace scaffolding, geometric validation of slides via Puppeteer, and bundling/exporting artifacts. - [EXTERNAL_DOWNLOADS]: Fetches design templates from the public GitHub repository
zarazhangrui/frontend-slides. The skill explicitly defines these as untrusted data and uses them strictly for stylistic reference rather than direct execution. - [EXTERNAL_DOWNLOADS]: Integrates with the Canva Remote MCP at
https://mcp.canva.com/mcp, which is an established well-known service for design and presentations. - [COMMAND_EXECUTION]: Modifies project and global MCP configuration files to enable Canva integration, but only after obtaining explicit user approval, following principle of least privilege.
- [DATA_EXFILTRATION]: Facilitates the transfer of generated slide assets to a user's Canva account. This behavior is documented as a primary feature of the skill's export pipeline.
- [EXTERNAL_DOWNLOADS]: Utilizes
oma slide fetch-videoto download media assets from external URLs provided by the user into the local project environment.
Audit Metadata