PPT Generator

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates HTML slide decks and its file/image handling is expected for that purpose, with no evidence of hidden access or unsafe behavior.

Install only if you are comfortable having any uploaded reference images or files used to build the presentation. For sensitive or offline presentations, ask the agent to avoid external CDN assets and keep the generated HTML self-contained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly states it will download user-uploaded reference images/files and save the generated HTML locally before sending it back, but it does not tell the user about these storage and transfer actions or seek explicit consent. This creates a privacy and data-handling transparency issue, especially because uploaded files may contain sensitive content and locally saved HTML may persist beyond the task lifecycle.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal