Ppt Task Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: parse PPTX task decks, run local OCR when needed, edit PSDs through related tools, and package image outputs.

Install only if you intend to let it read PPTX files, run local OCR tools, edit PSDs through the related image-editor workflow, and write output directories/ZIPs. Run dry-run first, keep backups or version control for important PSDs, set an explicit delivery.outputDir and simple zipName, and avoid running untrusted PPTX/request files without review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documentation presents the orchestration as a normal production workflow but does not prominently warn that execution can modify PSD files and trigger rollback behavior on touched files. This can mislead users into running the tool on production assets without understanding destructive side effects, increasing the chance of unintended data modification, rollback conflicts, or operational disruption.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal