PPTX Parse

Security checks across malware telemetry and agentic risk

Overview

This appears to be a document-to-presentation helper that uses an external parsing/generation service, with the main risk being privacy awareness rather than hidden or malicious behavior.

Install only if you are comfortable sending PPT inputs, uploaded documents, URLs, and generated presentation content to the external service used by the skill. Avoid confidential corporate, legal, medical, or customer documents unless that provider is approved for your data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly advertises URL-based input but does not warn that using a remote parsing service may transmit presentation contents, metadata, or fetched URL resources to an external provider. In a document-processing skill, this omission can lead users to unintentionally send sensitive corporate slide decks or internal URLs off-host, creating confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal