pptx

[Skill Scanner] Installation of third-party script detected All findings: [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] BENIGN: The code fragment is a descriptive, multi-step workflow for PPTX creation/editing/analysis with standard tooling and local data handling. The footprint (file I/O, local script invocations, and documented installation steps) is coherent with its stated purpose of PPTX manipulation and workflow orchestration without attempting to perform unexpected external actions. Recommendations include enforcing version pinning, validating tool integrity (hashes), and restricting execution to trusted environments to mitigate supply-chain risk from the numerous dependencies. LLM verification: This SKILL.md is coherent with its stated purpose (pptx creation/editing/analysis). It does not contain explicit malicious code or instructions to exfiltrate data, but it recommends many global/unpinned package installs and running repository scripts without integrity checks. Those patterns raise moderate supply-chain risk: installing multiple global dependencies and executing unverified scripts increases attack surface and could lead to credential exposure or arbitrary code execution if the ref