slide-deck

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute standard Node.js development commands, specifically npm install and npm run dev, to build and preview the generated slide deck application.
  • [EXTERNAL_DOWNLOADS]: The generated application is configured to fetch font resources from well-known services (Google Fonts and Fontshare) and manages its dependencies through standard NPM registries.
  • [REMOTE_CODE_EXECUTION]: The skill involves dynamic code generation (Category 10), where the agent writes React and TypeScript source files based on templates and user input. These files are subsequently executed in a local development environment. This is considered low severity as it follows standard patterns for development tools.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it processes untrusted user-provided content and interpolates it into the generated code without explicit boundary markers or sanitization logic.
    • Ingestion points: User-provided presentation topics and content are requested in SKILL.md.
    • Boundary markers: The instructions do not define any delimiters or safety markers to isolate user-provided data from the agent's code-generation logic.
    • Capability inventory: The skill has the capability to write files, execute subprocesses via npm, and generate browser-executable code.
    • Sanitization: No escaping, validation, or filtering of user input is specified before it is embedded into the slide components.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 03:06 PM