powerpoint

Fail

Audited by Snyk on May 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The URLs are direct links to .sh and .ps1 installer scripts on a third-party domain. Executing remote shell or PowerShell install scripts (curl|sh or Invoke-Expression) from anything other than a well-known, verified vendor is high risk unless the script and the domain are inspected and verified first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's Validate pipeline optionally sends slide images to an external vision-capable model via the GitHub Copilot SDK (see SKILL.md, validate_slides.py, and Invoke-ValidateDeck in Invoke-PptxPipeline.ps1) and writes the per-slide model responses to files (validation-results.json / slide-NNN-validation.txt) that agents are intended to read; content returned by the external model could therefore materially influence follow-up actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit instructions that bypass security controls (PowerShell -ExecutionPolicy ByPass and curl|sh installers), uses sudo for package installation, and exposes a --allow-scripts flag that disables AST/static checks and runs arbitrary code. Together these encourage bypassing protections and modifying host state.

Issues (3)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 7, 2026, 05:20 PM
Issues: 3