Back to skill

Security audit

HTML Interactive Presentation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Markdown-to-presentation workflow, with expected optional use of third-party image and speech services.

Safe to install for normal use, but do not run it on confidential Markdown unless you are comfortable sending derived prompts or narration text to MiniMax or another selected media provider. Review any external scaffold or synthesis scripts before executing them, since they are referenced but not included in this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly promotes sending article content to external image and speech synthesis providers, but it does not warn users that their Markdown text and derived narration may be transmitted to third-party services. In a skill that processes arbitrary user documents, this can cause unintended disclosure of sensitive or proprietary content, especially when agents automate the workflow without an explicit consent checkpoint.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.