The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill is designed to ingest data from untrusted external sources, such as web articles (via URLs) and existing PPTX files, to create or translate presentations. This creates a surface for Indirect Prompt Injection where malicious instructions embedded in the source material could influence the agent's behavior during the extraction or translation phases.
Ingestion points: Detected in reconstruct_analyzer.py (processing PPTX) and outlined in purpose-blog.instructions.md (fetching web content).
Boundary markers: There are no explicit instructions or delimiters mentioned in the agent guidelines to warn the LLM to ignore instructions found within the processed data.
Capability inventory: The skill possesses significant capabilities, including executing local scripts via subprocess.run (in resume_workflow.py) and performing network requests (via curl or requests as suggested in instructions).
Sanitization: The system includes schema validation (validate_content.py) but lacks content-level sanitization to filter out potential prompt injection attempts from the ingested text.

powerpoint-automation