PPT制作

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PowerPoint-generation skill with ordinary local file reads and writes for creating presentations.

Install the Python dependencies only in an environment you trust, choose output paths deliberately, avoid the demo mode if you do not want its hardcoded save location, and do not include passwords, tokens, private URLs, or other sensitive text in slide content or HTML previews.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

Medium

Confidence: 87% confidence
Finding: The add_html_snapshot function copies user-supplied HTML content directly into presentation slides, only truncating by length. If the HTML contains secrets, tokens, personal data, internal URLs, or embedded credentials, the generated PPT will preserve and disclose that information to anyone with access to the file; the PPT format can also make such leakage persistent and easy to redistribute.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal