Back to skill

Security audit

Prezentit

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Prezentit integration for generating presentations, with disclosed API-key use, scoped network access, and no hidden local code or persistence.

Install this if you intend to use Prezentit and are comfortable sending presentation content to its API. Use a Prezentit-specific API key, avoid confidential or regulated content unless approved, and ask your agent to show the expected credit cost and wait for your confirmation before generating or retrying a presentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill clearly documents that presentation generation consumes credits, but it instructs the agent to proceed through a generation workflow without an explicit user-confirmation step immediately before the paid API call. In an agent setting, this can lead to unintended spending if the model autonomously triggers generation after checking credits, especially because the API key enables billable actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.