Back to skill

Security audit

md-ppt-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Markdown-to-HTML slideshow generator with no evidence of hidden data access, external calls, or privileged behavior.

Reasonable to install for generating local HTML slide decks from Markdown. Expect a highly opinionated Chinese, dark cinematic product-launch style unless you explicitly request otherwise, and review generated HTML before sharing or opening decks created from untrusted Markdown.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broad and lacks precise activation boundaries, so it could be invoked for generic Markdown, HTML, or presentation-related requests that the user did not intend for this specialized transformer. In an agentic environment, overly broad routing can cause unintended file transformations, style overrides, or processing of sensitive content in the wrong skill context.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill strongly enforces a specific language and aesthetic style without offering a user-choice mechanism, which can override user preferences or produce culturally mismatched output. While this is not a classic code-execution issue, in multi-user or automated agent settings it can create unauthorized content shaping, reduce usability, and cause policy or brand-alignment problems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.