SketchUp-PPT生成

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SketchUp-to-PPT template generator with expected file input and output behavior, but users should choose the output path carefully to avoid overwriting a file.

Install only if you want a local PPT framework generator for SketchUp-related design reports. Run it on files you choose, save to a new or backed-up PPTX filename, and install python-pptx only from a trusted package source. Expect a slide framework rather than real SketchUp model parsing or automatic screenshot generation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The documented command explicitly writes to a user-supplied output .pptx path, but the skill does not warn that an existing file may be created or overwritten. This is not an exploit primitive by itself, but it can cause accidental data loss if a user reuses an existing destination path, especially given the concrete example paths that encourage direct copying.

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The script saves output directly to a user-supplied path without checking whether the destination already exists, which can silently overwrite important files accessible to the running user. In an agent or automation context, this becomes more dangerous because file paths may be generated or passed through without human review.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal