ppt-artisan

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The converter falls back to running 'npx -y @marp-team/marp-cli' at runtime (if a local marp binary is missing), which causes npx to fetch and execute remote npm package code necessary for the Markdown→PPTX flow, so this is a runtime remote-code fetch/execute risk.