Trust Assessment
ai-ppt-generate received a trust score of 44/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 4 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Potential Server-Side Request Forgery (SSRF) via resource_url", and "Potential Server-Side Request Forgery (SSRF) via custom_tpl_url".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Server-Side Request Forgery (SSRF) via `resource_url`.** The `resource_url` parameter in the `ppt_generate` function accepts an arbitrary URL from user input and passes it directly to an external Baidu API endpoint. The Baidu API is expected to download content from this URL. If the Baidu API's backend does not sufficiently validate or restrict the provided URL, an attacker could exploit this to perform Server-Side Request Forgery (SSRF). This could allow the attacker to make requests to internal network resources, cloud metadata services, or other arbitrary hosts, potentially leading to data exfiltration or access to sensitive internal systems. Implement strict URL validation and sanitization for `resource_url` before passing it to the external API. This should include whitelisting allowed domains/protocols, blocking internal IP ranges, and potentially using a proxy that enforces these policies. If the Baidu API is expected to handle the fetching, ensure that Baidu's API documentation explicitly states robust SSRF protections are in place for user-provided URLs. | LLM | scripts/ppt_generate.py:29 |
| HIGH | **Potential Server-Side Request Forgery (SSRF) via `custom_tpl_url`.** The `custom_tpl_url` parameter in the `ppt_generate` function accepts an arbitrary URL from user input and passes it directly to an external Baidu API endpoint. The Baidu API is expected to download the custom template from this URL. This presents an SSRF vulnerability if the Baidu API's backend does not adequately validate or restrict the provided URL, potentially allowing an attacker to access internal resources or exfiltrate data. Implement strict URL validation and sanitization for `custom_tpl_url` before passing it to the external API. This should include whitelisting allowed domains/protocols, blocking internal IP ranges, and potentially using a proxy that enforces these policies. If the Baidu API is expected to handle the fetching, ensure that Baidu's API documentation explicitly states robust SSRF protections are in place for user-provided URLs. | LLM | scripts/ppt_generate.py:31 |
| HIGH | **Potential Server-Side Request Forgery (SSRF) via `resource_url`.** The `resource_url` parameter in the `ppt_outline_generate` function accepts an arbitrary URL from user input and passes it directly to an external Baidu API endpoint. The Baidu API is expected to download content from this URL. If the Baidu API's backend does not sufficiently validate or restrict the provided URL, an attacker could exploit this to perform Server-Side Request Forgery (SSRF). This could allow the attacker to make requests to internal network resources, cloud metadata services, or other arbitrary hosts, potentially leading to data exfiltration or access to sensitive internal systems. Implement strict URL validation and sanitization for `resource_url` before passing it to the external API. This should include whitelisting allowed domains/protocols, blocking internal IP ranges, and potentially using a proxy that enforces these policies. If the Baidu API is expected to handle the fetching, ensure that Baidu's API documentation explicitly states robust SSRF protections are in place for user-provided URLs. | LLM | scripts/ppt_outline_generate.py:25 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jlpjavawayup/ai-ppt-generate/scripts/ppt_generate.py:3 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jlpjavawayup/ai-ppt-generate/scripts/ppt_outline_generate.py:3 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jlpjavawayup/ai-ppt-generate/scripts/ppt_theme_list.py:3 |
| MEDIUM | **Unpinned Python Dependencies.** The Python scripts utilize external libraries like `requests` but do not provide a `requirements.txt` or similar dependency management file. This means that the exact versions of dependencies are not pinned, which can lead to non-deterministic builds and potential security vulnerabilities if a new version of a dependency introduces breaking changes or security flaws. Create a `requirements.txt` file that explicitly lists and pins all Python dependencies to specific versions (e.g., `requests==2.28.1`). This ensures consistent environments and mitigates risks from unexpected dependency updates. | LLM | scripts/ppt_generate.py:1 |