pptx-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection via the processing of external Markdown, JSON, and CSV files.
  - Ingestion points: Arguments like '--outline', '--json', and internal '- data:' references within Markdown files.
  - Boundary markers: No delimiters or 'ignore instructions' warnings are present in the documentation.
  - Capability inventory: The skill writes to the filesystem ('--output') and executes local Python logic.
  - Sanitization: No sanitization or validation of the untrusted data is documented before it is passed to the generation scripts.
- COMMAND_EXECUTION (LOW): The skill relies on executing shell commands via 'uv run' to operate its internal scripts. This is a standard pattern for the 'uv' environment but necessitates that the '{baseDir}/scripts/' directory remains read-only to prevent script substitution.