skills/third774/dotfiles/slidev/Gen Agent Trust Hub

slidev

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The Monaco runner feature ({monaco-run}) allows for the live execution of JavaScript/TypeScript code defined in the slide's markdown blocks. This capability represents a significant execution surface if the agent is used to render or preview presentations derived from untrusted external sources.
    • Evidence: references/monaco.md documenting {monaco-run}, {monaco-write}, and {monaco-run} {autorun:true}.
  • [Unverifiable Dependencies] (LOW): Slidev is designed to automatically download and install themes and addons from external npm/pnpm registries upon first use. This creates a potential vector for supply-chain attacks if the markdown frontmatter specifies malicious packages.
    • Evidence: references/themes-addons.md stating that 'Themes auto-install on first run' and detailing manual installation commands.
  • [Command Execution] (LOW): The skill utilizes several CLI commands, including slidev, npm, and pnpm, to initialize, serve, build, and export presentations. These commands execute with the permissions of the local environment.
    • Evidence: SKILL.md provides a CLI reference for project creation and server management.
  • [Indirect Prompt Injection] (LOW): Slidev ingests markdown files that can contain executable scripts, iframes, and styling logic, making it vulnerable to indirect injection if the source content is not properly sanitized or isolated.
    • Ingestion points: slides.md entry file and themeConfig metadata.
    • Boundary markers: Absent; the tool interprets and renders markdown content directly without boundary markers.
    • Capability inventory: Shell command execution for builds, local dev server hosting, and browser-based JS execution.
    • Sanitization: Absent; as a development tool, it is designed to trust the provided markdown input as authoritative.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:40 PM