oma-slide

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the oma slide CLI for deterministic operations including workspace scaffolding, geometric validation of slides via Puppeteer, and bundling/exporting artifacts.
  • [EXTERNAL_DOWNLOADS]: Fetches design templates from the public GitHub repository zarazhangrui/frontend-slides. The skill explicitly defines these as untrusted data and uses them strictly for stylistic reference rather than direct execution.
  • [EXTERNAL_DOWNLOADS]: Integrates with the Canva Remote MCP at https://mcp.canva.com/mcp, which is an established well-known service for design and presentations.
  • [COMMAND_EXECUTION]: Modifies project and global MCP configuration files to enable Canva integration, but only after obtaining explicit user approval, following principle of least privilege.
  • [DATA_EXFILTRATION]: Facilitates the transfer of generated slide assets to a user's Canva account. This behavior is documented as a primary feature of the skill's export pipeline.
  • [EXTERNAL_DOWNLOADS]: Utilizes oma slide fetch-video to download media assets from external URLs provided by the user into the local project environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:18 PM
Security Audit — agent-trust-hub — oma-slide