academic-slides
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the execute tool to run various system commands for environment setup, slide generation, and quality assurance. This includes running package managers (npm, pip), executing a dynamically created JavaScript file using node, and using system utilities like soffice and pdftoppm for document conversion and inspection.
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the agent to install several third-party libraries from public registries. These include pptxgenjs, react-icons, sharp, markitdown, and Pillow. These are well-known packages used for the skill's primary purpose of generating and processing presentation materials.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user data—such as research findings, paper titles, and figure descriptions—directly into a JavaScript template that is subsequently executed by the agent.
  - Ingestion points: Data is ingested from user-provided research papers, manuscripts, and artifacts generated by other workspace skills.
  - Boundary markers: No specific delimiters or safety instructions are used to isolate user-provided content within the generated script, which could allow malicious input to break out of string literals.
  - Capability inventory: The skill provides a high-privilege environment combining file-writing (write_file) and code execution (execute), allowing it to run arbitrary logic based on the processed inputs.
  - Sanitization: The instructions do not define any sanitization or validation logic to process user text before it is interpolated into the slide generation scripts.