Back to skill

Security audit

PopAI Presentation Slides

Security checks across malware telemetry and agentic risk

Overview

This PopAI slide-generation skill appears purpose-aligned, but it needs review because it encourages storing a PopAI access token in a plaintext agent memory file.

Install only if you are comfortable sending presentation prompts, URLs, templates, and selected reference files to PopAI and S3. Use a protected environment variable or secret manager for POPAI_ACCESS_TOKEN, do not save the token in TOOLS.md, and rotate the token if it was already stored or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation description is broad enough to match many ordinary requests about slides or decks, which can cause the agent to invoke a third-party remote service by default. In this context, over-broad routing increases the chance that user content is sent externally without a clear, informed handoff.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill says the API will automatically search, collect, and process content, and may fetch URLs and upload files, but it does not prominently warn users that their prompts, files, and referenced links are sent to PopAI for remote processing. That creates a meaningful privacy and data-handling risk, especially if users provide confidential documents or internal URLs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instruction to save the access token in TOOLS.md encourages insecure credential storage in a general tool memory file without any warning about secrecy, access controls, or retention. This increases the likelihood of accidental disclosure to future runs, logs, other tools, or unauthorized users.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill uploads local files and sends associated metadata and user prompts to external PopAI/S3 services, but the code provides no explicit user-facing warning or consent mechanism beyond CLI flags. In an agent context, this can cause unintended disclosure of sensitive documents, filenames, hashes, or prompt contents to third-party infrastructure.

Ssd 3

Medium
Confidence
99% confidence
Finding
Persisting a user's API access token for future use creates an unnecessary long-lived secret in agent-managed storage. If that memory file is later exposed, reused across contexts, or read by other components, an attacker could use the token to access the user's PopAI account or consume billable resources.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.