Back to skill

Security audit

DeckLingo for PPTX

Security checks across malware telemetry and agentic risk

Overview

The skill appears to translate PowerPoint files as advertised, but it can send slide and speaker-note text to Google Translate without a clear consent step, so users should review it before using sensitive decks.

Install only if you are comfortable with editable slide text and optionally speaker notes, layouts, or masters being processed by a Google-backed translation dependency. Avoid using it on confidential, regulated, or customer-sensitive decks unless you first modify it to require explicit external-translation consent, pin dependencies, and confirm where translated text is sent and retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly instructs the agent to invoke local Python scripts that read and write PPTX files and execute shell commands, but it does not declare corresponding permissions. This creates a trust and sandboxing gap: an agent runtime or reviewer may underestimate the skill's actual capabilities, increasing the risk of unintended file access or execution of unreviewed local code.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The code constructs a deep_translator GoogleTranslator and later uses it to translate extracted slide text, which sends presentation content to an external service. Because PPTX files often contain confidential business material, transmitting that content off-host without clear disclosure or consent creates a real data exposure risk, even if the behavior is functionally intended.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill enables implicit invocation without defining any trigger constraints, exclusions, or contextual safeguards. This can cause the agent to auto-select the skill in situations where the user did not clearly intend to process a PowerPoint deck, potentially exposing sensitive slide content to the skill or causing unintended actions in broader workflows.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
At the point where rewrite_pptx is invoked, the script processes user-supplied deck contents and ultimately transmits matched paragraph text to the external translator without any in-code warning, confirmation, or privacy notice. In this skill context, users may reasonably expect a file transformation utility, not external exfiltration of slide and notes text, so the lack of disclosure materially increases privacy and compliance risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
lxml>=5.0.0
deep-translator>=1.11.4
Confidence
97% confidence
Finding
lxml>=5.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
lxml>=5.0.0
deep-translator>=1.11.4
Confidence
97% confidence
Finding
deep-translator>=1.11.4

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
83% confidence
Finding
lxml

Known Vulnerable Dependency: deep-translator — 1 advisory(ies): PYSEC-2022-252 (The deep-translator project on PyPI was taken over via user account compromise v)

High
Category
Supply Chain
Confidence
95% confidence
Finding
deep-translator

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.