Ppt Auto Generator Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple AI presentation generator with disclosed file-output behavior and no executable code or hidden persistence found.

Use a dedicated output folder, avoid overwriting important presentations without checking the output path, and do not submit confidential presentation content until you understand which OpenAI account or provider will process it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill exposes very broad natural-language invocation patterns such as generating PPTs, outlines, batch output, and template application without defining when the skill should or should not activate. In an agent setting, this can cause unintended invocation on loosely related user requests and lead to unexpected file creation or modification, especially because the commands include output paths and file transforms.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill describes operations that write new files and modify existing presentation files, but it does not warn users that invoking the skill may create artifacts in directories or overwrite/transform documents. In an autonomous or semi-autonomous agent environment, missing warnings reduce informed consent and increase the risk of unintended data loss, clutter, or modification of important files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal