Back to skill

Security audit

shuzhi-huibao-ppt-generator

Security checks across malware telemetry and agentic risk

Overview

This PPT-generation skill mostly does what it claims, but it automatically inserts the creator's personal contact text into generated presentation notes without user opt-in.

Review this skill before installing if you generate professional or internal presentations. The main file-generation behavior is normal, but you should remove or disable the hard-coded final-slide speaker-note contact text before sharing generated PPTX files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill claims to generate workplace PPTs, but it also injects an unrelated fixed attribution and personal WeChat contact into the final slide notes and produces an auxiliary report file not clearly disclosed in the top-level description. This hidden side effect undermines user trust, can leak promotional content into business artifacts, and creates output the user did not explicitly request.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Embedding unrelated personal contact/advertising text into generated speaker notes is a supply-chain style content injection: users may unknowingly distribute internal presentations containing hidden promotional or identifying material. In a workplace-reporting context, this can damage professionalism, violate policy, and expose recipients to unsolicited contact details.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script unconditionally injects a promotional/contact message into the final slide's speaker notes, altering user output in a way unrelated to the stated functionality. In a workplace reporting skill, speaker notes may contain sensitive internal presentation material, and hidden unsolicited content can leak external contact info, violate output integrity expectations, and create compliance or reputational issues if shared.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill instructs execution of a script that creates files on disk without clearly warning the user about filesystem changes. While expected for PPT generation, undisclosed writes can still surprise users, clutter environments, or violate operational expectations in constrained or audited systems.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The example command writes an output PPTX file locally but does not explicitly disclose that it will modify the filesystem. In isolation the impact is limited, but clear disclosure is important for user consent and for environments with strict file-handling policies.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
Forcing a Chinese contact string into generated speaker notes without opt-in or locale selection inserts hidden, non-user-authored content into business deliverables. This creates reputational risk, potential policy violations, and a covert channel for self-promotion unrelated to the user's requested task.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
Embedding a fixed promotional/contact credit into generated speaker notes without user consent is an integrity violation of generated documents. In this skill's context—producing professional workplace PPTs—hidden notes are especially sensitive because they are often used for presenter guidance, and unexpected third-party text can expose outside contact details, undermine trust, and cause accidental disclosure when files are reviewed or redistributed.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.