academic-presentation: fully automated academic presentation. Just provide a paper (PDF or text) and it automatically generates a translation, a summary, a PPT and a speech script; once all files are finished they are automatically sent to WeChat.

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised academic-document workflow, but it can send sensitive paper-derived files to external PPT services and WeChat with weak final consent controls and a conflicting privacy claim.

Review before installing. Use this only for papers you are comfortable sending to the selected PPT provider and through WeChat, verify the recipient and API-key settings, and prefer skip-PPT or local-only handling for confidential, unpublished, or restricted documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Intent-Code Divergence

High
Confidence: 99%
Finding
The README claims generated content will not be uploaded to any third-party server, but earlier sections explicitly state the workflow calls external PPT generation APIs such as anygen.io or gamma.app. This is a misleading security assurance that can cause users to share sensitive papers or unpublished research under false assumptions about data handling.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill stores a user's WeChat openid in a persistent local config file even though that identifier is only needed to deliver generated files. Persisting a stable messaging identifier increases privacy risk, enables unintended reuse across future runs, and creates a local disclosure target if the host or config directory is accessed by other processes or users.

Vague Triggers

Medium
Confidence: 74%
Finding
The trigger phrase set includes broad phrases like '帮我做PPT' ("help me make a PPT") that can match ordinary conversation and unintentionally activate the workflow. Because the skill processes documents and can later send outputs externally or via WeChat, accidental activation increases the risk of unintended data processing and disclosure.

Missing User Warnings

High
Confidence: 95%
Finding
The README prominently advertises automatic sending of all generated files to WeChat but does not give a clear privacy warning about what content leaves the local environment. Since outputs may contain full translations, summaries, and presentation material derived from private papers, automatic transmission creates a meaningful risk of unintended disclosure.

Missing User Warnings

High
Confidence: 97%
Finding
The README describes use of external PPT APIs without clearly warning that paper content, summaries, or outlines may be transmitted to third-party providers. In this skill's context, users may submit unpublished academic manuscripts or confidential research, making undisclosed third-party sharing particularly sensitive.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases in metadata are broad enough to match common requests such as making a PPT or doing a presentation, which can cause accidental activation outside the user's intended scope. In this skill, accidental activation is more dangerous because the workflow includes document processing and downstream transmission to external services and WeChat.

Vague Triggers

Medium
Confidence: 92%
Finding
The quick-trigger list contains ambiguous phrases like '帮我做PPT' ("help me make a PPT") and '论文转PPT' ("paper to PPT") that overlap with ordinary assistant usage. Because this skill can automatically package and send outputs externally, loose activation raises the chance of unintended data handling and disclosure.

Missing User Warnings

High
Confidence: 97%
Finding
The top-level description advertises automated academic presentation generation but does not clearly warn that generated files will be automatically sent to WeChat. Users may provide sensitive unpublished papers or proprietary documents without realizing the workflow includes external transmission, creating a meaningful informed-consent failure.

Missing User Warnings

High
Confidence: 98%
Finding
The workflow explicitly auto-sends all generated materials to WeChat after creation, but the skill does not require a dedicated consent checkpoint immediately before transmission. This is dangerous because the generated files may contain the user's paper content, translations, summaries, and presentation notes, all of which may be sensitive or unpublished.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes broad phrases such as '做PPT' ("make a PPT") that can match ordinary user requests unrelated to this specific academic workflow. In an agent ecosystem, overly broad activation increases the chance the skill is invoked unexpectedly, causing unintentional document processing or downstream actions like file generation and WeChat delivery without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The description prominently advertises automatic sending of generated files to WeChat but does not present a clear user warning or explicit-consent boundary in the metadata. Because the skill handles user-supplied papers and produces multiple artifacts, automatic outbound transmission to an external messaging platform creates a meaningful risk of unintended data disclosure, especially for unpublished or sensitive research.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases include very broad terms such as "做PPT" ("make a PPT"), "学术PPT" ("academic PPT"), and "汇报PPT" ("presentation PPT"), which can match many ordinary user requests unrelated to this specific high-privilege automation workflow. In a skill that automatically transforms papers into multiple artifacts and sends outputs to WeChat, overbroad activation increases the chance of unintended invocation, accidental data processing, or unapproved exfiltration of user content.

Ssd 3

Medium
Confidence: 97%
Finding
Automatically sending all generated documents to WeChat creates a natural-language data exfiltration path because user-provided content is transformed into files and then transmitted without an explicit final confirmation. The context makes this more serious because academic papers often include confidential, unpublished, or proprietary material.

VirusTotal

66/66 vendors flagged this skill as clean.