pptx-design-agent

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] This skill's description, capabilities, and required operations are consistent with its stated purpose: creating and live-editing PowerPoint presentations on macOS. It does not contain obvious malicious code or obfuscation in the provided manifest. The primary security concern is privacy/data-leakage: the skill instructs use of an external image-generation skill/service ('baoyu-danger-gemini-web') and will likely send slide content and image prompts off-host. Combined with powerful AppleScript control (open/edit/save) and repeated file operations (audit loop), this expands the attack/abuse surface. For normal non-sensitive slide content the risk is moderate but acceptable; for sensitive corporate data, the external image-generation step and broad macOS scripting permissions create a meaningful privacy/exfiltration risk. I classify it as SUSPICIOUS from a data-exfiltration/privacy perspective but not overtly malicious. LLM verification: No clear signs of active malware or deliberate backdoor code in the provided skill document. However, the skill contains multiple supply-chain and privacy risks that make it suspicious in a supply-chain context: unpinned pip installs, reliance on an external (unnamed/trust-unknown) image-generation skill for potentially sensitive content, and powerful AppleScript automation rights. These factors are proportionate to the skill's functionality but increase attack surface and warrant caution. I rat