Back to skill

Security audit

PPT生成兼容性修复

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused PowerPoint compatibility fixer, but users should run it on copies because it can rewrite PPTX files and remove notes-related parts.

Install only if you work with pptxgenjs-generated PPTX files. Run the fixer with a separate output filename or on a backup copy, especially if the presentation has speaker notes or irreplaceable content, because the script rewrites the PPTX package and may remove notes-related parts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger condition is broad enough to activate on generic mentions of PPT or pptxgenjs, which can cause the wrong skill to be invoked in unrelated contexts. In an agent system, over-broad activation can steer workflows toward unnecessary file modification or advice that deletes notes-related content, creating integrity and availability issues even if not a classic code-execution flaw.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.