fetch-slides

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script executes the LibreOffice (soffice) binary via subprocess.run to handle PPTX to PDF conversion.
      • Evidence: fetch_slides.py contains a call to subprocess.run(cmd, ...) where cmd includes the path to soffice and the input/output file paths.
      • Mitigation: The script uses an argument list rather than a shell string, which mitigates shell injection, but still relies on the safety of the external binary when processing potentially malformed input files.
  • [EXTERNAL_DOWNLOADS]: The skill fetches files and HTML content from user-provided URLs.
      • Evidence: fetch_slides.py uses httpx.get and httpx.head to download data from external servers.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes Playwright to render RevealJS presentations. This involves executing JavaScript code from the remote URL within a headless browser instance.
      • Evidence: fetch_revealjs_pdf in fetch_slides.py launches a Chromium instance to visit and print the slide URL.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses and extracts text content from external presentations for the agent to use.
      • Ingestion points: Remote HTML content fetched in extract_revealjs_content (fetch_slides.py).
      • Boundary markers: The extracted content is structured using Markdown headers (## Slide X), but lacks explicit delimiters or instructions to the agent to ignore embedded commands within the text.
      • Capability inventory: The skill can execute subprocesses, perform network requests, and write to the file system.
      • Sanitization: The SlideExtractor (HTMLParser) extracts raw text data without filtering for potential prompt injection strings that could influence downstream agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 04:20 PM