pptx-generator

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses a dynamic code generation and execution pattern. It instructs the agent to create JavaScript modules (e.g., slide-01.js) and then executes them via node compile.js which dynamically imports these files using require() with computed paths. This is a vector for executing logic that may be influenced by untrusted input during the generation phase.
  • [COMMAND_EXECUTION]: The workflow involves executing shell commands such as node, python, npm, and pip for installation, content extraction, and presentation compilation.
  • [EXTERNAL_DOWNLOADS]: The skill installs external software dependencies from public registries and utilizes the PptxGenJS library, which is documented to fetch image assets and backgrounds from remote URLs at runtime.
  • [PROMPT_INJECTION]: The skill processes user-provided .pptx files using the markitdown tool. This creates an indirect prompt injection surface where malicious instructions embedded in a source presentation could be extracted and subsequently influence the agent's behavior or the content of the generated slides.
      • Ingestion points: Extraction of text from external PowerPoint files via markitdown (documented in SKILL.md and references/editing.md).
      • Boundary markers: None provided to isolate extracted text from system instructions.
      • Capability inventory: Execution of shell commands and dynamic JavaScript execution via node.
      • Sanitization: The skill suggests using defusedxml in references/editing.md for XML processing to prevent XML-based attacks, but does not implement sanitization for natural language instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 7, 2026, 05:57 PM