html-ppt-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent HTML slide-deck generator, with minor privacy and expectation notes around remote fonts, broad PPT triggering, and saved output files.

Install this if you want agents to produce browser-based HTML slide decks. Be aware that generated decks may load Google Fonts when opened and that the skill prefers HTML output for generic PPT requests, so ask clearly for .pptx if that is required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Low
Confidence: 93%
Finding: The template fetches Google Fonts from external domains, which causes network access, leaks viewer metadata such as IP address and user agent, and creates a third-party dependency in what is otherwise a local HTML slide template. In this skill context, that is a real but low-severity issue because the file may be opened locally and unexpectedly contact external services, though it does not by itself enable code execution or direct compromise.

Vague Triggers

Severity: High
Confidence: 91%
Finding: The skill mandates activation for a very broad set of common PPT-related requests and says it must trigger even when the user does not specify a format. This can override user intent and cause the agent to invoke the skill outside an appropriately scoped context, increasing the chance of unintended file generation, web content creation, or bypass of safer default workflows.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs the agent to write generated files to /mnt/user-data/outputs/ and present them without any user-facing notice or consent step. In an agent environment, undisclosed file writes are a security and privacy concern because they create persistent artifacts on user storage and may surprise users who expected only an inline response.

VirusTotal

64/64 vendors flagged this skill as clean.