iFLYTEK AI PPT Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a real iFLYTEK PPT generator, but it contains under-documented paths that can send local files or document URLs to a third-party service.

Review before installing. Use this only if you are comfortable sending presentation topics and generated content requests to iFLYTEK with your API credentials. Do not invoke or expose the document-outline helper for confidential local files or private URLs unless your organization has approved that data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no permissions while clearly requiring environment variables and making network-backed API calls to an external PPT service. This under-declaration is dangerous because operators and downstream agents cannot accurately assess what data leaves the system or what capabilities the skill will exercise at runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose presents the skill as simple topic-to-PPT generation, but the detected behavior includes file uploads, external URL submission, outline generation from documents, asynchronous polling, and returning result URLs. That mismatch is security-relevant because users may provide sensitive documents or URLs without realizing the skill can transmit them to a third-party service and expose additional attack surface beyond the stated use case.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill metadata says it generates PPTs from optimized topic keywords, but the implementation also supports document-based outline generation from local files or remote file URLs. This hidden expansion of capability violates least surprise and broadens the data-access surface beyond what a user or reviewer would expect from the manifest.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This code opens an arbitrary local file path and uploads its contents to a third-party API, which creates a real exfiltration path for local data. In an agent skill advertised as keyword-based PPT generation, that capability is unjustified and materially increases the risk of sensitive file disclosure.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill accepts arbitrary remote file URLs for document ingestion, enabling users or upstream agents to cause third-party retrieval of untrusted content outside the declared keyword-based scope. This expands the system's data flow and can be abused to process unintended resources without transparent disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill requires API credentials and interacts with an external service, but the documentation does not warn that prompts, topics, uploaded documents, or generated artifacts may be transmitted off-platform. This omission can lead users to unknowingly send confidential business or training material to a third party and mishandle secrets required for access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
User-provided prompt content is transmitted to an external PPT-generation API, but the code provides no explicit warning, consent step, or privacy disclosure before doing so. This is dangerous because users may submit confidential business, personal, or regulated information under the assumption that processing is local.

Missing User Warnings

High
Confidence
98% confidence
Finding
The document-outline flow can send the contents of a local file to a remote API without any explicit warning that the file leaves the local environment. That creates a high-risk confidentiality issue, especially if users provide internal documents, credentials, client data, or proprietary materials.

VirusTotal

66/66 vendors flagged this skill as clean.
