spec-driven-presentation-maker

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on several system utilities to process presentations: soffice (LibreOffice) for PDF and SVG exports, pdftoppm for rendering slide previews as PNGs, and powershell.exe for resolving file paths when running under WSL. Each is invoked through subprocess.run with arguments the skill constructs itself rather than with user-supplied command strings.
  • [EXTERNAL_DOWNLOADS]: The skill fetches presentation assets from well-known sources at run time. It downloads the official AWS Architecture icons from the awsstatic.com domain and clones the Material Symbols repository from GitHub using git, so that high-quality icons are available for slides. The analysis records no pinning or checksum verification for either fetch.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it ingests content from user-provided PPTX files during the conversion and translation workflows.
      • Ingestion points: shape text and speaker notes are extracted in sdpm/converter/slide.py and then processed in the workflows.
      • Boundary markers: the workflow instructions generally do not delimit the extracted content as untrusted before it is processed.
      • Capability inventory: the skill can write files and run the specific system commands listed above via subprocess, in sdpm/api.py and sdpm/preview/backend.py.
      • Sanitization: defusedxml hardens the XML parsing of the PPTX (XXE, entity expansion); it does not filter the extracted text itself, so the slide content still reaches the workflows unchanged.
  • [SAFE]: The analysis found the expected hardening in the codebase. The defusedxml library protects XML parsing against XXE attacks, and the image resolution logic in sdpm/utils/image.py includes path traversal checks that keep file reads inside the intended directory. The overall behavior is consistent with the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 04:34 AM