presentation-builder

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a GitHub repository owned by an unfamiliar, random-looking username and the skill instructs cloning and running npm/Playwright installs (which execute third-party code and download binaries), so it could be used to distribute malicious packages or executables and should be treated as suspicious until the repo is verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's preflight explicitly runs "git clone https://github.com/vkehfdl1/slides-grab.git" followed by npm install and executing the slides-grab CLI, so the remote repository at https://github.com/vkehfdl1/slides-grab.git is fetched at runtime and its code is executed as a required dependency.