Pitch Deck Visuals

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent pitch-deck visual helper, but it depends on a third-party CLI and external generation services that users should trust before use.

Install this only if you trust inference.sh and are comfortable authenticating its CLI. Prefer manual verification of the installer and checksums, review generated infsh commands before running them, and avoid sending confidential pitch-deck details or real team likenesses unless the provider's privacy and retention terms are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs users to pipe a remote script directly into the shell and then use a remote service to process content, without a strong security warning. This creates supply-chain and remote-code-execution risk if the installer or distribution path is compromised, and it may also cause users to transmit proprietary pitch materials to an external service without informed consent.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The team-headshot example encourages sending portrait-style prompts and potentially personal or biographical information to an external image-generation service without any privacy or consent notice. In a fundraising context, users may include real employee likeness, identity cues, or sensitive background details, creating unnecessary privacy, compliance, and reputational risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal