Haixian Ppt Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed HTML slide-deck generator, but users should ignore its author-specific local reference path unless they explicitly provide that file.

Install only if you want an agent to create and edit HTML slide decks. Do not let it open the hardcoded /Users/guohao/... reference file unless you intentionally have that file and want it used; rely on the bundled templates and references instead. Expect generated decks to load external fonts, icons, animation libraries, and optional map tiles when opened in a browser.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The document directs the agent to use a host-specific absolute path as the 'golden source', which expands a PPT layout skill into accessing local filesystem content outside its declared scope. In an agent setting, this can cause unauthorized local file discovery or exposure of user-specific paths and nearby sensitive project data.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The instruction to run a local Node.js validation command gives the skill an unnecessary code-execution step unrelated to merely describing layouts. In an agent environment, normalizing shell execution from documentation can lead to unintended execution of local scripts with the user's privileges.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The review workflow tells the agent to open and compare local files from a user-specific absolute path, extending the skill into local file inspection beyond PPT generation. This creates unnecessary access pressure on local content and may expose sensitive material in the referenced directories.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file explicitly instructs the agent to tell the user a fixed Chinese phrase after theme selection, without checking the user's preferred language. This can override user expectations, reduce accessibility, and cause undesirable behavior in multilingual contexts, especially if the surrounding system otherwise supports language negotiation.

Ssd 3

Medium
Confidence
94% confidence
Finding
Using a user-specific absolute path as a required reference source encourages the agent to inspect local data outside the skill bundle. In context, a layout guide does not need filesystem discovery, so this is an unjustified expansion of access that increases privacy and data-leakage risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
The workflow explicitly directs opening and comparing a local PPT from a host-specific path, which can expose sensitive local project content during analysis. Because this is a presentation-layout skill, the instruction is out of scope and materially increases privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.
