PowerPoint Automation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward local PowerPoint/WPS automation helper, with disclosed file editing and export behavior controlled by user-supplied paths.

Install only if you need local PowerPoint/WPS automation on Windows. Use trusted package sources for pywin32, prefer saving modified presentations and exports to new paths, and treat extracted text, notes, PDFs, and images as potentially sensitive files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents destructive or file-writing actions such as replace, insert/delete slide, font/theme changes, and export/save operations without warning users about overwriting files, altering originals, or writing sensitive content to disk. In a presentation automation context, this can lead to accidental data loss, unintended modification of important documents, or leakage of extracted content to insecure locations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal