revealjs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The `scripts/edit-html.js` file uses `child_process.exec` to automatically open the default web browser. While the command is constructed from known platform strings, it is an unnecessary privilege.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes `puppeteer`, which downloads a full browser binary upon installation. Furthermore, the `scripts/create-presentation.js` script generates HTML templates that include multiple external dependencies (Reveal.js, Font Awesome, Chart.js) via public CDNs.
- REMOTE_CODE_EXECUTION (MEDIUM): The `scripts/edit-html.js` script launches a local HTTP server that accepts POST requests to `/save` and writes the body directly to the targeted HTML file. Due to the absence of CSRF protection and authentication, a malicious website could overwrite the local presentation file if the editor is active.
Audit Metadata