Felo Slides

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Felo slide-generation helper, but slide prompts and an API key are sent to Felo's external service.

Install only if you are comfortable sending slide prompts and any included presentation content to Felo under your Felo API key. Avoid confidential or regulated material unless Felo's terms fit your needs, and make sure FELO_API_BASE is not set to an unexpected endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs the agent to send the user's prompt to Felo's external API, but it does not require an explicit user-facing notice or consent step before transmitting potentially sensitive content off-platform. In an agent setting, users may reasonably assume their prompt stays within the current environment, so silently forwarding data can expose confidential, personal, or proprietary information to a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal