Back to skill

Security audit

Baidu Wenku AIPPT

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Baidu AI PowerPoint generator that sends user-provided PPT topics to Baidu to create a deck.

Install only if you are comfortable using a Baidu API key and sending PPT topics or supplied content to Baidu for processing and remote PPT generation. Avoid confidential, regulated, or sensitive material unless that data sharing is allowed by your organization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill describes PPT generation but does not clearly warn that the user's topic and possibly supplied content are transmitted to Baidu's external API for processing. This can expose sensitive business, educational, or personal material to a third party without informed consent, which is especially risky given the skill's purpose is to upload user-provided content for AI generation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.