aippt
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The files
05_图床上传方法.mdandtips/image-upload.mdcontain a hardcoded API key for thefreeimage.hostservice (key=6d207e02198a847aa98d0a2a901485a5). Hardcoding credentials in skill documentation or scripts is a high-risk practice. - [DATA_EXFILTRATION] (MEDIUM): The core workflow requires uploading local PPT screenshots to third-party public image hosting services (e.g.,
freeimage.host,catbox.moe,litterbox) to obtain URLs for AI processing. This may result in the exposure of sensitive presentation content to external parties. - [COMMAND_EXECUTION] (MEDIUM): The skill documentation (
01_导出方法.md) includes instructions for executing arbitrary AppleScript (osascript) and PowerShell code to automate Keynote and PowerPoint, which could be exploited to run unintended system commands. - [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes
npm installfor thepptxgenjslibrary and makes network requests to external APIs such asapi.apicore.aiandismaque.orgfor image generation.
Recommendations
- AI detected serious security threats
Audit Metadata