SlideSpeak

The skill bundle is classified as benign. While it requests `Bash Read Write` permissions, the `slidespeak.mjs` script uses these permissions in a manner consistent with its stated purpose: reading user-specified document files for upload and JSON configuration files for presentation generation. All network communication is directed to the legitimate `api.slidespeak.co` endpoint, and there is no evidence of data exfiltration to unauthorized domains, malicious execution patterns, persistence mechanisms, or prompt injection attempts in `SKILL.md` aiming to subvert the agent's behavior for harmful purposes. The webhook subscription feature is a legitimate API function, not a direct exfiltration vector by the skill itself.