Slide Deck

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward slide-deck generator that writes a local HTML presentation and uses reveal.js from a CDN, with no evidence of hidden or destructive behavior.

Install if you want an agent helper for creating HTML slide decks. Review generated files before sharing, especially speaker notes, avoid overwriting important files, and remember that opened decks fetch reveal.js assets from jsDelivr unless you replace them with local copies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are very broad and map to common presentation-related requests, which can cause the skill to activate in situations where the user did not explicitly intend to invoke this specific behavior. In an agentic environment, unintended invocation can lead to surprising file generation, content transformation, or downstream actions based on the skill's rules.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs that output is saved as a file in the current directory, but the user-facing description does not clearly disclose this write-to-disk behavior. Hidden or unclear file creation is risky because users may expect text-only assistance while the agent performs a state-changing filesystem action, which can overwrite files, create artifacts in sensitive directories, or violate execution expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal