create-pptx

The skill's footprint is broadly coherent with its stated purpose: it targets PPTX creation, editing, extraction, validation, and QA using well-known tooling (pptxgenjs, markitdown, LibreOffice, Poppler). Data flows are primarily file-based with local outputs (PPTX, images, PDFs, MD files). There are no evident credential reads or exfiltration channels, and no autonomous real-world actions beyond file processing. The only notable concern is the mix of multiple toolchains and potential for untrusted inputs in shell commands; this is a moderate risk rather than a direct threat, and can be mitigated with proper input sanitization, environment pinning, and clear execution boundaries. Overall, the risk is BENIGN with some MEDIUM considerations for supply-chain hygiene and input handling.