PPT Generator (PPT生成器)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local PowerPoint helper whose file and command access generally matches creating, editing, converting, and checking .pptx files.

Install this only if you want an agent to work with local PowerPoint files. Run it on copies of important decks, confirm input and output paths before unpacking, cleaning, or packing, and avoid processing untrusted Office files without sandboxing because the unpacker does not enforce explicit archive size/path limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill advertises shell, file read/write, and environment-dependent operations but does not declare permissions or capability boundaries. That creates a trust gap: an agent may invoke powerful local actions without clear policy review, increasing the risk of unintended file access, command execution, or environment misuse when processing untrusted presentation files or paths.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The skill is presented as PPTX-focused, but the referenced tooling appears capable of handling broader Office formats and generic LibreOffice operations. This mismatch is dangerous because users and policy systems may grant trust based on a narrow PPTX scope while the implementation can touch DOCX/XLSX or invoke more general document-conversion behavior, expanding the attack surface beyond what is disclosed.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The function accepts arbitrary DOCX, PPTX, and XLSX ZIP-based Office files and extracts them with zipfile.extractall() into a caller-controlled directory without validating archive member paths or sizes. In an agent skill advertised as PPTX-specific, this expanded file-type surface makes malicious input more dangerous because it encourages processing of unexpected formats and increases exposure to archive-based attacks such as path traversal or resource exhaustion.

Vague Triggers

Severity: High
Confidence: 91%
Finding: The trigger rules are overly broad, including common terms like 'deck,' 'slides,' and 'presentation,' which can cause the skill to activate in unrelated contexts. Unnecessary activation matters here because the skill carries file, shell, and document-processing capabilities; broad triggering increases the chance that powerful actions are brought into scope when not actually needed.

VirusTotal

65/65 vendors flagged this skill as clean.
