pptx
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner] [Documentation context] Installation of third-party script detected

This skill is an instructional document describing legitimate PPTX editing/creation workflows and expected local tooling. It does not contain explicit malicious code or network exfiltration patterns. The primary risks are supply-chain and operational: recommending global, unpinned npm installs (playwright, sharp, pptxgenjs) and running document converters increases attack surface, and insistence on fully reading several doc files is unusual but not inherently malicious. Without the referenced scripts' source (unpack.py, replace.py, inventory.py, rearrange.py), we cannot rule out malicious behavior in those. Overall the file appears functionally appropriate for the stated purpose but with moderate supply-chain and processing risks that warrant review of the referenced scripts and cautious installation practices (pin versions, prefer local installs, inspect scripts before running).

LLM verification: [LLM Escalated] The skill documentation aligns with its stated goal of PPTX creation/editing/analysis and contains no explicit malicious payloads or network exfiltration endpoints in the provided content. Primary risks are supply-chain and operational: instructions to perform multiple global installs, and reliance on several local scripts whose contents are not provided. The directive to always read full referenced files without limits is a data-exposure concern for automated agents. Mitigations: inspect the re