syncfusion-dotnet-powerpoint
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a 'Mode 2' execution workflow that generates temporary .csx scripts based on user intent and executes them using the
dotnet scriptcommand-line tool. This behavior is the primary intended function for presentation automation and is restricted to using code snippets defined within the skill's own reference directory. - [EXTERNAL_DOWNLOADS]: The skill's execution environment fetches necessary dependencies from the NuGet gallery, a well-known and trusted package registry. These dependencies (e.g., Syncfusion.Presentation.Net.Core) originate from the skill's author, Syncfusion Inc, and are industry-standard libraries for document processing.
- [DATA_EXFILTRATION]: The skill has the capability to read and modify local PowerPoint files as part of its document processing workflow. It ingests untrusted data through the
Presentation.Open()API. However, analysis shows that all file operations are local to the workspace or designated output directories, and no network exfiltration patterns to untrusted external domains were identified. - [CREDENTIALS_UNSAFE]: The skill provides mechanisms for license management via the
SYNCFUSION_LICENSE_KEYenvironment variable or a localSyncfusionLicense.txtfile. These are standard practices for managing developer tools and do not involve hardcoding secrets or unsafe credential handling.
Audit Metadata