Back to skill

Security audit

Guizang HTML to PPTX

Security checks across malware telemetry and agentic risk

Overview

This is a narrow HTML-deck export helper whose local file reads and generated PPTX/QA files fit its stated purpose.

Install this when you want an agent to read a guizang HTML deck and produce an editable PPTX. Run it in the intended project directory, review any generated or modified export script before reusing it, and check output filenames if overwriting existing PPTX or QA files would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger language is broad enough to match generic export or conversion requests, which can cause the wrong skill to activate outside its intended guizang-HTML-deck context. That creates scope confusion and may lead the agent to inspect unrelated project files or generate outputs the user did not intend, especially because the skill also defaults to searching the working directory for likely decks.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The skill directs the agent to create export scripts, PPTX files, PDFs, and PNG QA artifacts in the project tree without clearly warning the user that files may be written or overwritten. While this is normal for an export workflow, the lack of explicit disclosure and overwrite safeguards can still cause unintended file modification or clutter in a repository.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.