bitsoul ppt 制作器

Security checks across malware telemetry and agentic risk

Overview

This is a simple presentation-generation instruction skill with no hidden installer, credential use, persistence, or destructive behavior evident in the artifact.

Install this if you specifically want Chinese, vertical, minimalist PPT-style HTML output. Review generated HTML before sharing or presenting, especially because it may load CDN scripts, and clarify language/style expectations when your request is ambiguous.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description triggers on a very broad condition ('when the user needs to generate PPT'), which can cause the agent to invoke this skill in situations where the user did not explicitly ask for this specific behavior or format. Over-broad routing can lead to unintended instruction takeover, reducing user control and causing mismatched output, especially because the skill imposes a fixed style and workflow.

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill metadata and content mandate Chinese-language output without checking the user's language preference, which can override the user's requested language and degrade reliability or usability. In agent settings, forced language behavior is risky because it can silently conflict with system/user instructions and produce inaccessible or non-compliant responses.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal