Security audit

image-deck: GPT Image 2 Slide Deck

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for making image-based slide decks, with disclosed image generation and local work files but no hidden execution, credential use, or exfiltration behavior.

Install this only if you want presentations where each slide is a generated image rather than editable PowerPoint objects. Review the inline prompt groups before approving generation, choose the language explicitly, and avoid sensitive source material unless you are comfortable using it in the image-generation workflow and leaving local prompt/log files behind.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list is very broad and maps to common, ordinary requests such as 'make slides' or 'create a PowerPoint'. In an agent environment, this can cause the skill to activate unexpectedly for many unrelated presentation tasks, increasing the chance of unintended tool use and confusing routing behavior.

Vague Triggers

Medium
Confidence: 89%
Finding
The Chinese trigger phrases are similarly broad, including generic requests like '做PPT' and '做演示文稿' that are common in everyday usage. This raises the risk of unintended invocation for users who simply want normal slide help rather than full-image generation, which can lead to misrouting and unnecessary image generation actions.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger rules are broad enough to activate this skill for many generic presentation requests, causing the agent to route users into an image-only deck workflow even when they may want editable slides or a safer/default presentation path. This can override user intent and lead to inappropriate tool usage, unnecessary generation, or exposure of source material to downstream prompt construction and image generation steps.

Vague Triggers

Medium
Confidence: 88%
Finding
The Chinese trigger phrases are colloquial and expansive, so ordinary requests such as '做PPT' or '做演示文稿' may invoke this skill without confirming whether the user wants an image-only workflow. In multilingual settings this increases accidental activation risk and can steer users away from the appropriate toolchain.

Vague Triggers

Medium
Confidence: 92%
Finding
The policy explicitly says to prefer this skill for broad deck-making requests, which creates an over-broad routing rule at the policy level rather than a simple keyword match. Because this preference is enforced before narrowing questions, it can systematically misroute normal presentation tasks into a constrained image-generation workflow.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The prompt-group template is hard-coded in Chinese, which can override or bias the output language regardless of the user's requested language. In this skill, language choice is explicitly user-controlled, so forcing Chinese in a core generation template can cause incorrect outputs, user confusion, and policy/UX violations across all generated decks.

VirusTotal

64/64 vendors flagged this skill as clean.