5dd70b5016
Some checks failed
ci / Validate workspace (push) Successful in 12m32s
landing-page-ci / Validate landing page (push) Successful in 9m41s
landing-page-deploy / Deploy landing page (push) Failing after 5m23s
github-metrics / Generate repository metrics SVG (push) Failing after 2m3s
refresh-contributors-wall / Refresh contributors wall cache bust (push) Failing after 11s
This repository contains the open-design daemon CLI source code, built and packaged at https://helix-mind.ai/cli/open-design/latest.tgz for use by the HelixMind /design slash command. Licenses: Apache-2.0 (root) + MIT (skills/*)
13 lines
635 B
Plaintext
13 lines
635 B
Plaintext
# Security scan allowlist for html-ppt-skill
|
|
# These patterns are false positives from template content, not actual threats.
|
|
|
|
# Path traversal: templates reference shared assets via relative paths
|
|
# e.g. templates/full-decks/weekly-report/ → ../../../assets/
|
|
# This is the correct relative path to the skill root assets directory.
|
|
traversal:templates/full-decks/*/index.html
|
|
|
|
# Destructive commands: testing-safety-alert template displays forbidden
|
|
# commands as text examples in a security policy demo slide.
|
|
# They are HTML content, not executable code.
|
|
destructive:templates/full-decks/testing-safety-alert/index.html
|