ppt_generation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill allows the ingestion of untrusted external content (e.g., research reports) which is then used to generate structured PPT outlines and rendered content.
      • Ingestion points: The content parameter in the generate_ppt_outline tool accepts arbitrary text from potentially untrusted sources.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are defined in the tool specifications or workflow.
      • Capability inventory: The skill can generate persistent files (PDF, PPTX) and render HTML previews (render_ppt). If the input content contains malicious Markdown or HTML, it could execute in the context of the user's browser during preview.
      • Sanitization: There is no documentation of sanitization or filtering of the input content before it is processed by the Marp Markdown engine.
  • [Obfuscation] (MEDIUM): The skill supports custom CSS for themes. While a legitimate feature, CSS can be used to exfiltrate data or perform UI redressing if malicious styles are injected via untrusted input content.
  • [Command Execution] (MEDIUM): The export_ppt tool takes a filename parameter. If the underlying implementation does not properly sanitize this filename before passing it to a shell for file generation or conversion (e.g., calling Marp CLI), it could lead to command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:25 AM