Mindshow AIPPT Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Mindshow/AIPPT API client for generating PPTs, with expected token use and file uploads disclosed for that purpose.

Install only if you intend to use Mindshow/AIPPT and are comfortable sending prompts, generated content, and any selected source files to that service. Do not upload sensitive or regulated documents unless you have authorization, and use the delete or template-changing API endpoints only when you explicitly mean to modify your AIPPT account data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill tells the agent to upload local user files to the AIPPT service and notes that the service extracts text from common document types, but it does not require a clear user-facing warning or consent flow before transmission. Because uploaded documents may contain sensitive business, personal, or regulated data, this can cause unintended disclosure to a third-party processor.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal