NanoBanana PPT Skills

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The skill bundle exhibits several risky capabilities without clear evidence of intentional malicious behavior, leading to a 'suspicious' classification. Key indicators include the ability to read arbitrary local files (e.g., user documents) as input, as explicitly stated in `SKILL.md` ('使用 Read 工具读取文件内容', i.e. "use the Read tool to read the file contents"). This broad file access, combined with the skill's functionality to send user-provided content and images (base64 encoded) to multiple external AI services (Google Gemini, Kling AI, Claude AI via `kling_api.py` and `transition_prompt_generator.py`), presents a potential data exfiltration risk if the AI agent itself were compromised by a prompt injection. Furthermore, `transition_prompt_generator.py` directly embeds a `content_context` (which could originate from user input processed by the agent) into the prompt sent to Claude, creating a potential prompt injection vector against the downstream AI. While `ffmpeg` is used for legitimate video processing in `video_composer.py`, its execution via `subprocess.run` adds to the overall risk profile due to its powerful system access.