class-ppt-generator

Security checks across malware telemetry and agentic risk

Overview

This is a small classroom PPT helper with only Markdown instructions and no hidden code, credentials, persistence, or destructive behavior.

Safe to install for classroom PPT generation. Confirm the desired lesson type and language when your request is ambiguous, and review retrieved teaching material and generated slides before using them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description is broad enough to activate on common phrases like “班会” or “英语课” combined with “PPT,” which can cause the wrong skill to intercept unrelated user requests. In an agent system, overbroad routing can lead to unintended data handling, incorrect tool invocation, or user confusion, especially when the skill automatically proceeds into retrieval and downstream PPT generation.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill hard-codes language modes by lesson type (“全中文” for class meetings and “中英混合” for English lessons) without checking user preference. This is primarily a policy and usability risk, but it can also cause unintended disclosure or misalignment if user-provided content should remain in a specific language and the skill transforms it automatically.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal