slides
Audited by Socket on Feb 24, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

The skill's stated purpose (HTML/CSS slide authoring and PDF conversion) matches the described capabilities. There is no direct evidence in the provided documentation of credential harvesting, backdoors, or data exfiltration. The main supply-chain concerns are: (1) automatic download/install of Playwright/Chromium without pinned revisions or integrity checks, and (2) runtime dependency on external CDNs for fonts/CSS/icons which could alter rendered content or include malicious assets if those CDNs are compromised.

Because the conversion script itself (scripts/html_to_pdf.py) is not provided, the most security-relevant code path could not be validated; review that script before trusting automated installs or running it in sensitive environments. Recommend pinning Playwright/Chromium versions, adding integrity verification for downloaded binaries, and optionally vendorizing critical assets if supply-chain robustness is required.

LLM verification: This skill's stated purpose (generate HTML/CSS slides and export to PDF via Playwright/Chromium) matches its capabilities. There is no evidence of explicit malicious code, credential harvesting, or backdoors in the provided documentation. However, the skill relies on unpinned remote CDNs and auto-download of Chromium which are legitimate but raise supply-chain risk. The largest practical risk is remote script execution during rendering (CDN JS and fonts) and unpinned dependencies that could be t