Back to skill

Security audit

Slides Cog

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CellCog presentation generator, with the main user consideration being that prompts and deck content go to an external service.

Install this only if you trust CellCog and are comfortable sending slide prompts, attached materials, metrics, and generated presentation content to that provider. Use a revocable API key and avoid secrets, regulated data, or confidential business/customer information unless your organization has approved that use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill clearly depends on a remote CellCog service and an API key, and the examples encourage sending user prompts and deck content to that external provider, but the skill does not explicitly warn users that their prompts, business data, metrics, or uploaded materials may leave the local environment. For a presentation tool, users may include confidential investor, financial, customer, or internal strategy information, so the omission can lead to unintended third-party data disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.