Security risk report for @forgecat/openai_skills_slides v0.0.10
Source Integrity
Low
Profile is sourced from OpenAI's official skills repository (github.com/openai/skills) with a documented commit hash and Apache-2.0 license.
Metadata is consistent and verifiable; no obfuscated or suspicious origin indicators.
Agent Intent
Low
Content describes legitimate slide-authoring workflows using PptxGenJS and bundled helper utilities; no prompt injection, role hijacking, or system-prompt leakage attempts.
Instructions are task-focused (deck creation, layout validation, rendering) and do not manipulate the AI to ignore instructions, read credentials, or exfiltrate data.
Guidance on using helpers, Python scripts, and validation tools is standard practice documentation; no poisoned dependencies, typosquatted packages, or security-weakening directives are present.
README and SKILL.md describe legitimate use cases: 'Create and edit presentation slide decks (.pptx) with PptxGenJS'.
Workflow section outlines normal authoring steps: inspect request, set slide size, build deck, render, validate, deliver.
No instructions to disable security features, fetch untrusted URLs, or install arbitrary code.
Permissions
Low
No tools or hooks are declared in this profile; it is a documentation and helper-library skill.
Guidance references legitimate Python scripts (render_slides.py, slides_test.py, etc.) for local validation and rendering; no excessive agency or unrestricted file/shell access is requested.
System tools mentioned (LibreOffice, Poppler, Inkscape) are invoked only for slide rendering and font inspection—scoped to the task.
Details
Evidence
'Declared tools (normalized categories; paths are untrusted): (none declared)'.
Scripts are invoked locally in task-local directories: 'Keep work in a task-local directory. Only copy final artifacts to the requested destination after rendering and validation pass.'
MCP Risk
Low
No MCP servers are defined in this profile.
The skill is purely documentation and helper libraries; no remote execution, arbitrary binary invocation, or network access is configured.