sn-ppt-creative

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions in SKILL.md frequently use python3 -c to execute multi-line Python scripts. These scripts perform operations such as reading task configurations, writing markdown specifications, and managing page-by-page rendering logic, which represents a pattern of dynamic script execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data that is then interpolated into system prompts for other AI models.
  • Ingestion points: Data enters the context via info_pack.json (specifically the user_query and document_digest fields) in SKILL.md stages 2, 3, and 4.
  • Boundary markers: The prompt templates provided in the prompts/ directory (e.g., outline.md, page_prompt.md, style_from_query.md) do not use clear delimiters or negative instructions to prevent the model from following commands hidden within the user-provided query or document content.
  • Capability inventory: The skill has the ability to execute shell commands (python3), perform file system writes (generating .md, .json, .txt, and .pptx artifacts), and trigger image generation via the sn-image-base tool.
  • Sanitization: The skill includes a dedicated script scripts/sanitize_prompt.py which uses regular expressions to strip technical metadata like hex codes and CSS units from prompts; however, this script is designed to prevent T2I rendering errors rather than to sanitize against adversarial instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 09:37 AM