pptx

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from PowerPoint and HTML files without explicit boundary markers or instructions to ignore embedded commands.
      • Ingestion points: The agent ingests data from PPTX files via scripts/inventory.py and renders HTML slide templates via scripts/html2pptx.js.
      • Boundary markers: There are no specific instructions or delimiters defined to isolate user-provided slide content from the agent's instructions.
      • Capability inventory: The skill can execute system commands via subprocess.run (soffice, pdftoppm) and has broad file system access.
      • Sanitization: Although defusedxml is used for XML structure validation, the textual content extracted from slides and the HTML rendered in the browser are not sanitized for natural language instructions.
  • [COMMAND_EXECUTION]: The skill uses the system shell to execute several external document processing utilities. Evidence: ooxml/scripts/pack.py, ooxml/scripts/redlining.py, and scripts/thumbnail.py use subprocess.run to call soffice (LibreOffice), pdftoppm (Poppler), and git.
  • [EXTERNAL_DOWNLOADS]: The skill depends on various external libraries and drivers. Evidence: Node.js dependencies include playwright, which manages browser binaries for rendering, and sharp. Python dependencies include markitdown and python-pptx.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:35 PM