ai-ppt-generate

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis

Total Findings: 4

🔴 HIGH Findings:

  • Prompt Injection
    • SKILL.md, scripts/ppt_generate.py, scripts/ppt_outline_generate.py: The query and outline parameters are user-provided strings that are passed directly to the Baidu API. If the backend Baidu service uses an LLM to process these inputs, they are highly susceptible to prompt injection attacks, allowing an attacker to manipulate the AI's behavior or extract sensitive information.
  • Indirect Prompt Injection / SSRF / Malicious Content Processing
    • SKILL.md, scripts/ppt_generate.py, scripts/ppt_outline_generate.py: The resource_url and custom_tpl_url parameters allow users to specify arbitrary URLs. These URLs are then passed to the Baidu API, which will fetch content from them. This creates several high-risk vectors:
      1. Server-Side Request Forgery (SSRF): The Baidu server could be coerced into making requests to internal networks or other sensitive targets.
      2. Malicious Content Processing: The Baidu service could fetch and process malicious documents (e.g., a PDF with embedded exploits, or a Word document designed to trigger vulnerabilities in the processing engine), potentially leading to command execution on Baidu's infrastructure.
      3. Indirect Prompt Injection: If the fetched content is then fed to an LLM, it could be used to inject malicious prompts.

🔵 LOW Findings:

  • API Key Transmission
    • scripts/ppt_generate.py, scripts/ppt_outline_generate.py, scripts/ppt_theme_list.py: The BAIDU_API_KEY is retrieved from environment variables and sent in the Authorization header to https://qianfan.baidubce.com. While this is the intended functionality for the skill to operate with the Baidu service, it involves sending a sensitive credential to an external, non-whitelisted domain. Users should be aware that their API key is transmitted to Baidu.
  • Unverified Dependency
    • scripts/ppt_generate.py, scripts/ppt_outline_generate.py, scripts/ppt_theme_list.py: The Python scripts rely on the requests library. While requests is a widely used and generally trusted library, the skill does not explicitly manage its installation; it assumes requests is already available in the Python environment. This is a common pattern for Python skills and is noted as an informational finding.
Recommendations

  • AI detected serious security threats

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 09:26 AM