YouMind PPT

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PPT-generation helper with ordinary image-generation and slide-building steps, though users should review dependency installs and avoid sensitive outline content in external image prompts.

Install this as a normal presentation-building skill, but run it in a project or temporary directory, review any npm or pip dependency installs before allowing them, and do not include confidential outline details in prompts unless your configured image-generation provider is acceptable for that data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is overly broad, including generic phrases like '可爱插画风的 PPT', '有 IP 角色贯穿的演示文稿', and '像信息图一样的 PPT'. This can cause the skill to activate for ordinary PPT requests that do not specifically require this workflow, leading to misrouting, unintended tool use, and unexpected generation behavior. In agent systems, overly permissive activation criteria increase the attack surface by making it easier to coerce execution in unrelated contexts.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal