Security audit

Jackyshen Gen Pptx

Security checks across malware telemetry and agentic risk

Overview

This is a presentation-generation skill whose file, command, image, and QA workflows are disclosed and fit the PPTX purpose, though users should keep control over optional image generation and dependency installs.

Install only if you want an agent to operate on PPTX files. Expect it to read presentation content, create files in the workspace, run PPTX/Node/Python tooling, and optionally use image-generation or remote image sources for visuals; ask the agent to avoid external image generation or package installs when you need a local-only workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The skill is scoped for .pptx handling, but this section mandates cross-skill orchestration, image-generation workflows, external tool invocation, file downloads, and code execution beyond the core presentation task. This broadens the agent’s authority and attack surface, making it easier for adversarial prompts or embedded instructions to trigger unnecessary network/file operations and bypass least-privilege expectations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The guide explicitly allows pulling images from remote URLs and encourages external image-generation/network sources even though the skill’s stated purpose is .pptx handling. Unnecessary remote fetches can leak sensitive context, import untrusted content, and create SSRF/data-exfiltration-style risks if URLs or prompts are attacker-controlled.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The file contains contradictory instructions: it says not to create slides unless explicitly requested, yet later requires generating PPT code and final output. This inconsistency can cause an agent to ignore user intent boundaries and perform higher-impact actions than requested, including file creation and execution steps.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The documentation presents a safety-style limitation, then later overrides it with active instructions to create and execute slide-generation code. That kind of internal policy conflict is dangerous because agents may follow the more operationally specific instructions, resulting in unauthorized file creation, tool use, or execution despite the earlier restriction.

Vague Triggers

Severity: High
Confidence: 97%
Finding:
The trigger is extremely broad: it activates for nearly any mention of decks, slides, presentations, PPT, or any .pptx reference, regardless of user intent. This can route ordinary conversations or unrelated tasks into a high-capability file-handling skill, increasing the chance of unnecessary file access, unintended tool use, or over-collection of presentation content.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.