Security audit

ZM PPTX 创建与编辑工具

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only PPTX workflow skill for creating and checking user-provided slide decks, with no executable code, hidden persistence, or credential use.

Install this if you want an agent to help create, inspect, or edit PPTX decks. Expect it to read and modify the presentation files you provide, including notes, comments, media, templates, and charts, and review generated outputs before using them in formal work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill mandates only three Chinese-language status outputs and does not provide any language choice or opt-in. In an agent workflow, hard-coding response language and status formatting can cause downstream misinterpretation, failed integrations, or reviewer confusion when operators expect localized or user-selected output, especially in mixed-language environments.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal