slidev-quick-start
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill uses
npm init slidev@latestandnpx slidev, which download and execute code from the npm registry. While these are standard tools for bootstrapping Slidev projects, they represent a risk of executing unverified external scripts. The severity is mitigated by the fact that these actions are essential to the primary purpose of the skill. - EXTERNAL_DOWNLOADS (LOW): The instructions include
npm install @slidev/cli @slidev/theme-default, which downloads external dependencies. Since these are from the standard npm registry and are necessary for the skill, the risk is considered low. - COMMAND_EXECUTION (LOW): The skill provides several shell commands for project scaffolding, including
mkdir,cd, andtouch. These are standard file system operations and present no significant security risk in this context.
Audit Metadata