The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its image generation feature.
Ingestion points: The scripts/create_pptx.py script parses user-provided Markdown outlines and JSON structures to identify image generation prompts (e.g., generate: description).
Boundary markers: There are no explicit boundary markers or instructions implemented to prevent malicious instructions embedded in the input data from being interpreted by the downstream image generation tool.
Capability inventory: The skill possesses the capability to execute shell commands via subprocess.run in scripts/create_pptx.py to call an external image generation script located in a sibling skill directory.
Sanitization: The input prompts are extracted and passed directly to the subprocess call without significant validation or escaping, relying on the receiving script's own security measures.
[COMMAND_EXECUTION]: The script scripts/create_pptx.py utilizes subprocess.run to execute external scripts via uv run. While the use of an argument list prevents direct shell injection, the execution of external logic triggered by content from untrusted input files represents a sensitive capability.

pptx-creator