生成每日金融市场 PPT 简报

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate a finance-market PowerPoint from local report files, with no evidence of credential theft, network exfiltration, or destructive behavior.

Install this only if you want an agent to generate the specific daily financial market PPT workflow using your local E:\daily files and workspace-yoyo config. Be aware that generic PPT requests may invoke it; confirm intent before running it for unrelated presentation tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases are broad enough to match common user requests like '生成 PPT' or '制作 PPT', which can cause this skill to activate outside its narrow intended use. That can route unrelated requests into a workflow that reads local files and writes outputs, creating unintended file access or incorrect automation in response to generic prompts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal