Ppt Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PPT/SVG slide-generation helper with no evidence of hidden access, credential use, persistence, exfiltration, or destructive behavior.

Reasonable to install for generating PPT outlines and editable SVG slides. Run the optional Python script only with input files you trust and an output directory where creating or overwriting page_XX.svg files is acceptable; review generated slide facts before using them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs the agent to read prompt files and references an SVG generation script, which implies file read/write capabilities despite not declaring any permissions. Undeclared capabilities reduce transparency and can lead to unintended file system access if the agent runtime grants broader access than users expect.

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The trigger conditions are broad enough to activate on many ordinary presentation-related requests, increasing the chance the skill runs in contexts where it was not specifically intended. Over-broad invocation can cause prompt hijacking of unrelated tasks, unnecessary file access, or generation behavior that overrides safer/default agent behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal