The Agent Skills Directory

[COMMAND_EXECUTION]: Spawns external processes using subprocess.run to call soffice (LibreOffice) and pdftoppm (Poppler). These operations are used for converting presentations to PDF and images for visual analysis and validation. The implementation uses argument lists rather than shell strings, mitigating command injection risks.- [COMMAND_EXECUTION]: Uses the playwright library to launch a headless Chromium instance. This is used to render HTML slides into a browser context to accurately calculate element positions for PowerPoint generation.- [SAFE]: Implements secure XML handling by using the defusedxml library in unpack.py and pack.py. This protects the system against XML External Entity (XXE) and billion laughs attacks when processing Office Open XML files.- [SAFE]: The skill uses well-known, established libraries for PowerPoint manipulation (python-pptx) and image processing (sharp, Pillow), ensuring reliable and standard file handling behavior.- [PROMPT_INJECTION]: While the skill ingests external content from PowerPoint files, it uses standard extraction methods. The risk of indirect prompt injection is handled through the underlying LLM's guardrails when processing the extracted text.

pptx