Trust Assessment
wps-ppt-automation received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential for Data Exfiltration via File Read/Write, Broad File System Access, Arbitrary Presentation Modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential for Data Exfiltration via File Read/Write The skill allows reading content (text, notes, outline, images) from any user-specified PowerPoint/WPS presentation file on the local system and writing this content to an arbitrary file path or directory. An attacker could craft a prompt to instruct the LLM to read sensitive presentation files (e.g., containing internal documents, financial data, or PII) and then write their contents to a location accessible for exfiltration, or directly provide the content back to the LLM. Implement strict allowlisting for file paths (e.g., only allow reading/writing within a designated sandbox directory). Sanitize or validate input paths to prevent directory traversal. Consider redacting sensitive information before outputting. | LLM | scripts/wps_ppt_automation.py:60 | |
| MEDIUM | Broad File System Access The skill operates with broad read and write access to the local file system, capable of opening, modifying, and saving arbitrary presentation files, as well as creating directories and writing output files to any specified path. While necessary for its core functionality, this level of access, when controlled by an LLM, presents a significant attack surface. A malicious prompt could instruct the LLM to interact with critical system files or sensitive user data outside the intended scope of presentation automation. Restrict the skill's execution environment to a sandboxed user with minimal file system permissions. Implement strict input validation and path sanitization to limit file operations to designated, non-sensitive directories. | LLM | scripts/wps_ppt_automation.py:37 | |
| MEDIUM | Arbitrary Presentation Modification The skill allows for arbitrary modification of presentation files, including text replacement, slide insertion/deletion, and theme/font changes. These modifications can be saved to a user-specified output path, potentially overwriting original files or introducing unwanted content. An attacker could leverage this to corrupt important documents, insert misleading information, or modify presentations in a way that could lead to further compromise (e.g., by embedding malicious links or macros, though the skill itself doesn't create macros, it could modify existing ones if the COM object allows). Implement strict input validation for modification parameters. Require explicit user confirmation for any destructive operations or overwriting of existing files. Consider versioning or backup mechanisms for modified files. | LLM | scripts/wps_ppt_automation.py:135 |
Scan History
Embed Code
[](https://skillshield.io/report/de2f0901c71c8af0)
Powered by SkillShield