skills/akillness/oh-my-gods/presentation-builder/Snyk

presentation-builder

Fail

Audited by Snyk on Mar 19, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.70). The links point to a GitHub repository from an unknown/random-looking user and the recommended workflow requires cloning and running npm/npx commands (which can execute arbitrary install scripts and download binaries), so while GitHub is a common source the repo lacks visible trust signals and thus poses a moderate-to-high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill's preflight explicitly runs "git clone https://github.com/vkehfdl1/slides-grab.git" followed by npm install and executing the slides-grab CLI, so the remote repository at https://github.com/vkehfdl1/slides-grab.git is fetched at runtime and its code is executed as a required dependency.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

Mar 19, 2026, 01:55 PM

Issues

2