Marp Slide Show/Deck Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Marp slide-deck generator that creates local presentation files from user-provided material.

Install this if you want an agent to create and render Marp presentations. Treat generated slide files as persistent local copies of the source material, and review the npm dependency as you would any CLI tool before installation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill explicitly claims it should work from "almost any information," which creates an excessively broad activation scope and increases the chance the agent will apply the skill to sensitive, irrelevant, or unsafe inputs without clear boundaries. In a presentation-generation skill, this can lead to over-collection and transformation of confidential material into rendered artifacts.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill defaults to rendering output files and retaining source decks on disk, but it does not clearly warn that artifacts will be created and persisted. This can expose sensitive input content through local files such as .html, .pdf, .pptx, or .slides.md, especially when the source material includes logs, notes, or internal documents.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal