slidekit-templ
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/pdf_to_images.pyexecutes the externalpdftoppmutility to process PDF files. It uses a list of arguments withsubprocess.run, which effectively mitigates shell injection risks. - [EXTERNAL_DOWNLOADS]: The HTML boilerplate defined in
INSTRUCTIONS.mdincludes links to CSS and font files hosted on well-known and trusted services including JSDelivr (Tailwind CSS and Font Awesome) and Google Fonts. - [SAFE]: The skill uses local file paths within the expected AI agent skill directory structure (
~/.claude/skills/) to reference internal guidelines and scripts, which is a standard pattern for modular agent skills. - [SAFE]: No evidence of obfuscation, hardcoded credentials, or unauthorized data exfiltration was found in the provided files.
Audit Metadata