pptx

[Skill Scanner] Installation of third-party script detected All findings: [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill document is consistent with its stated purpose (handling .pptx files). It contains no evidence of credential harvesting, remote exfiltration, obfuscated payloads, or download-and-execute patterns. The main supply-chain concerns are ordinary: it recommends installing packages (pip and npm) and using system tools (LibreOffice/Poppler). Those installs are legitimate but should be performed cautiously (pin versions, verify packages). Overall this file appears benign, but standard package supply-chain hygiene should be applied when following installation steps. LLM verification: The SKILL documentation is benign in intent and contains no direct signs of malware or credential exfiltration. Primary security concerns are supply-chain related (unverified pip/npm installs, especially a global npm install) and operational risks from executing native converters (soffice, pdftoppm) on untrusted .pptx files. Recommend running dependency installs in isolated environments, pinning versions, avoiding global npm installs, and sandboxing conversion steps. Overall: usable but moderate