Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- skills/sn-ppt-standard/scripts/export_pptx/html_to_pptx.mjs:24
- Evidence
execSync('npm install --omit=dev', { cwd: __dirname, stdio: 'inherit' });
Security audit
Security checks across malware telemetry and agentic risk
No artifact-backed suspicious behavior was available to verify; the supplied telemetry and pre-scan signal alone do not justify a Review hold.
Treat this as an incomplete review result: the provided negative signals alone are not enough to block installation, but the actual SKILL.md and artifact files should be reviewed before trusting the package.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions
execSync('npm install --omit=dev', { cwd: __dirname, stdio: 'inherit' });api_key=[REDACTED],
api_key = [REDACTED]
If missing, use inline fallback system prompt:
- System prompt: `prompts/resume.md`