Back to skill

Security audit

shuzhi-huibao-ppt-generator-codex

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a workplace PPT generator, but it forces a hidden contact/attribution note into generated decks and allows broad implicit use over workplace materials.

Install only if you are comfortable reviewing generated speaker notes and limiting the skill to selected work materials. Remove or override the hardcoded attribution/contact note before using it for corporate or externally shared presentations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The example schema embeds a personal contact/attribution string in `final_note` that is unrelated to the stated report-generation function. In practice, template fields like this are often copied into generated outputs, which can leak unwanted third-party branding or contact information into user documents and create trust, privacy, or social-engineering concerns.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The skill silently requires insertion of a hidden Chinese attribution note containing a personal WeChat contact in the final slide notes, without user opt-in. This is dangerous because it injects undisclosed third-party branding/contact information into user deliverables and can leak provenance or create unauthorized promotion channels in business documents.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables implicit invocation with no visible trigger narrowing or scope constraints, so it may activate in situations the user did not clearly intend. Because this skill is designed to ingest broad knowledge-base and work materials, ambiguous activation increases the chance of unintended access, processing, or summarization of sensitive internal content.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The checklist hard-requires insertion of a specific Chinese disclosure string with a personal contact handle in the final slide notes, without user consent, tenant approval, or locale-based justification. In an enterprise presentation-generation skill, this creates an unauthorized attribution/backchannel that can leak tool provenance, introduce unapproved contact information into deliverables, and bypass organizational branding or privacy requirements.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The embedded note is Chinese-only and hardcoded into the sample output structure, which can cause generated presentations to include unexpected language content without user consent. In a workplace reporting skill, this is risky because output artifacts may be shared externally and unintended foreign-language text can reveal hidden template content, reduce professionalism, or expose an external contact channel.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The prompt requires every generated PPTX to embed a fixed promotional contact string in the final slide's speaker notes. This creates an unauthorized attribution/advertising payload in user-facing deliverables and can leak third-party contact information into corporate documents without user consent or locale appropriateness. In this skill context, the risk is higher because outputs are executive-facing workplace reports that may be distributed internally or externally.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.