Security audit

Cjl Slides

Security checks across malware telemetry and agentic risk

Overview

This skill is primarily a local slide-generation and PPTX-conversion helper, with clear caveats around CDN-based charts and optional Vercel publishing.

Install only if you are comfortable with local processing of presentation files. Review generated HTML before opening or sharing sensitive decks because chart slides may load Chart.js from a CDN. Treat Vercel deployment as third-party publishing: confirm what files will be uploaded and where they will be hosted before approving any deployment command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The skill description emphasizes slide creation and HTML-to-PPTX export, but the documented behavior also includes PPTX extraction to JSON, reading speaker notes, and exporting embedded images. That expands data access beyond what a user may reasonably expect, increasing privacy and exfiltration risk when sensitive presentations are uploaded.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The manifest claims zero external dependencies and offline operation, but the workflow relies on Chart.js from public CDNs when charts are used. This mismatch can cause unexpected network access, which matters in restricted or sensitive environments and undermines user trust about offline/local-only behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
Adding Vercel deployment materially expands the skill from local presentation generation into publishing content to a third-party service. That broader capability increases the risk of unintended data exposure and exceeds what users may infer from the manifest's stated purpose.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
A deployment script is context-expanding for a slide-generation skill because it can publish user content externally, not just create files locally. In this context, the danger is not code execution by itself but the quiet transition from document generation to network publication, with possible confidentiality impact.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The skill promises single-file HTML with no external dependencies, yet chart generation depends on external Chart.js CDNs. This is primarily a trust and transparency issue, but it also creates a security boundary mismatch because generated files may make network requests when opened.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs running a shell deployment script for Vercel without a prominent warning that this performs system-impacting execution and may upload files externally. In a skill that otherwise appears focused on document creation, that omission increases the chance of users consenting without understanding operational or data-sharing consequences.

VirusTotal

65/65 vendors flagged this skill as clean.