slidev-multi-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
sync-references.mjsscript fetches markdown documentation from official project domains, includingsli.dev,openai.com,claude.com, andopenclaw.ai. This is a legitimate maintenance function to provide the agent with up-to-date documentation. - [COMMAND_EXECUTION]: The skill includes several bash scripts (
slidev-init.sh,slidev-dev.sh,slidev-build.sh,slidev-export.sh,slidev-theme-eject.sh, andslidev-theme-scaffold.sh) that wrap Slidev CLI commands. These scripts resolve the CLI path through a shared utility_slidev_common.sh, prioritizing local installations before falling back to global commands or npx. - [REMOTE_CODE_EXECUTION]: The
slidev-init.shandslidev-export.shscripts facilitate the installation of standard project dependencies (@slidev/cli,@slidev/theme-default, andplaywright-chromium) via npm. These packages are official components of the Slidev and Playwright ecosystems and are necessary for the skill's stated purpose. - [PROMPT_INJECTION]: No malicious instructions, bypass markers, or safety overrides were detected in the
SKILL.mdfile or the supporting documentation. - [DATA_EXFILTRATION]: No sensitive file access patterns or unauthorized network transmissions of local data were identified in the provided scripts.
Audit Metadata