Security audit

Interior Design PPT Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local PowerPoint generator that reads a user-selected image folder and writes a presentation, with no evidence of hidden data access or exfiltration.

Safe to install for creating interior-design presentation drafts from local images. Before sending output to a client, review the generated slides because the tool inserts preset Chinese text, room names, material descriptions, and the publisher branding "温州隐室空间设计 / 老冷" unless the code is edited.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill promises a straightforward image-to-PPT workflow, but the analyzed behavior adds unrelated hardcoded pages, fixed branding/signatures, and preset content not derived from user input. This can mislead users about what will be produced, causing unwanted disclosure, brand contamination, or client-facing documents containing unauthorized names/content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal