aippt
Audited by Socket on Feb 23, 2026
1 alert found:
Security [Skill Scanner]: Outbound data post or form upload via curl/wget detected

This skill/documentation is functionally consistent with an AI-driven PPT generation pipeline and does not contain explicit code-level malware in the provided files. However, there are multiple operational security concerns: plaintext API keys stored in config/secrets.md, use of third-party image-generation and unspecified image-hosting endpoints that will receive prompts, content, and keys, and lack of audited scripts for packaging. These factors make the skill moderately risky from a supply-chain and data-leakage perspective — acceptable for use only if the user trusts the listed external services and follows safe secret-handling practices. Because the actual script implementation is not provided, a final security assessment requires reviewing scripts/images2pptx.js and any upload scripts referenced in 05_图床上传方法.md.

LLM verification: This SKILL.md is coherent with its stated purpose (automated PPT generation via image-generation API + assembly). There is no clear malicious code or obfuscated payload in the provided content. However, it contains multiple supply-chain and data-exposure risks: storing API keys in a plaintext config file, example curl commands that encourage copy/paste of secrets, unpinned npm install instructions, and reliance on unspecified third-party image hosting (图床) and a not-explicitly-vetted API endpoint (api.apicore.a