ppt-visual-designer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese PPT design skill with no installer, hidden execution, credential access, persistence, or sensitive data handling.

Install this if you want a Chinese-language Block-style PPT design helper. Review any generated HTML or python-pptx code before running it, and avoid pasting sensitive business material unless you are comfortable using it as presentation input.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill advertises activation on very broad terms such as any mention of 'block' or general PPT/slides creation, which can cause unintended routing and override more appropriate skills or default behavior. Over-broad triggering is dangerous because it lets a formatting-focused skill capture unrelated requests, increasing the chance of incorrect task execution, instruction interference, or user confusion.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill content is written to consistently operate in Chinese and does not provide a mechanism to preserve or adapt to the user's language preference. Forcing a language without opt-in can degrade reliability, cause misunderstanding of generated code or presentation content, and create unsafe instruction-following behavior when the user explicitly expects another language.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal