Slides Cog

Security checks across malware telemetry and agentic risk

Overview

This presentation skill appears to do what it says, but users should only use it for content they are comfortable sending to CellCog.

Install only if you trust CellCog and are comfortable sending slide prompts, attached files, metrics, and generated presentation content to that service. Use a revocable API key and avoid secrets, regulated data, or confidential business/customer material unless your organization approves that use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill clearly relies on a third-party remote service and an API key, but it does not warn users that prompts, uploaded files, business metrics, investor data, images, or other presentation content may be transmitted off-platform to CellCog. Because the examples encourage use for pitch decks, board decks, financials, and customer-facing materials, users could unknowingly send sensitive or confidential information to an external provider.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal