Ai Slide Generator

Security checks across malware telemetry and agentic risk

Overview

This skill generates new PPTs through a remote AIPPT service; users should understand that it sends their prompt to that service and uses an AIPPT credential to do so.

Install only if you are comfortable sending PPT prompt content to the AIPPT/智绘高迪 service through the local auth gateway and using an authorized AIPPT credential. Avoid confidential or regulated material in prompts, and expect generation to consume service credits until stopped from the returned workspace link.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run shell commands and pass user-controlled content through environment variables, but it does not declare any permissions. This creates a trust and review gap: a caller may not realize the skill can execute commands or transmit user input to a remote service, increasing the chance of unsafe execution or data exfiltration through undeclared capabilities.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script’s comments say the gateway injects provider credentials automatically, but the implementation separately retrieves an AIPPT API key and sends it in the X-API-Key header. This creates unnecessary secret handling and expands credential exposure to the local shell environment, helper script, and network path; if the proxy or logs are compromised, the extra credential can be leaked or misused.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The mismatch between comments and behavior is a security-relevant documentation flaw: reviewers and users are told only prompt/modelId are transmitted, while the code also fetches and forwards an API key. This can cause operators to underestimate credential handling risk and approve or run the skill under false assumptions.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases include broad everyday requests such as '帮我做个PPT' ("help me make a PPT"), which can match many ordinary conversations and cause this skill to activate unexpectedly. Because the skill invokes a remote API and may consume credits or background resources, over-broad triggering can lead to unintended external requests, unexpected costs, and disclosure of user-provided content to a third party.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script sends user-provided prompt content and credentials to a remote service without any explicit notice, confirmation, or data-sensitivity guardrails. In this skill’s context, users may paste confidential business content into PPT prompts, so silent external transmission increases privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
