pptx-creator

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DYNAMIC_EXECUTION]: The compilation process in scripts/compile.js involves dynamically loading and executing JavaScript files generated by the agent (slide-XX.js) using the require() function. This constitutes runtime execution of generated code, which is intended for building the final presentation but represents an attack surface for code injection if the generation process were compromised.
  • [COMMAND_EXECUTION]: The skill instructions and documentation specify the use of shell commands for environment setup and quality assurance. These include global package installations via npm, Python package installation via pip, and visual inspection using system tools like libreoffice (soffice) and poppler (pdftoppm).
  • [EXTERNAL_DOWNLOADS]: The skill fetches several dependencies from public registries, including pptxgenjs, react-icons, react, react-dom, and sharp from NPM, and markitdown from PyPI. It also includes functionality to download fonts from Google Fonts and external images via URLs for inclusion in slides.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 02:51 PM