The Agent Skills Directory

[COMMAND_EXECUTION]: The ooxml/scripts/unpack.py script uses zipfile.ZipFile.extractall() without path validation or security filters, which introduces a potential directory traversal (ZipSlip) risk if processing a maliciously crafted PowerPoint archive.
[PROMPT_INJECTION]: The skill extracts and processes text from untrusted PowerPoint files, creating an indirect prompt injection surface.
Ingestion points: Text extraction in scripts/inventory.py and markdown conversion via markitdown mentioned in SKILL.md.
Boundary markers: Absent. There are no instructions or delimiters designed to isolate extracted content or warn the agent to ignore instructions embedded in the presentations.
Capability inventory: The skill has access to shell command execution via subprocess.run (in ooxml/scripts/pack.py and scripts/thumbnail.py) and a headless browser environment via Playwright (in scripts/html2pptx.js).
Sanitization: Absent. Presentation content is extracted and processed as raw text without filtering.
[COMMAND_EXECUTION]: The skill executes several external system binaries via subprocess.run to perform core tasks.
ooxml/scripts/pack.py and scripts/thumbnail.py call soffice (LibreOffice) for format conversion.
scripts/thumbnail.py calls pdftoppm (Poppler-utils) for slide imaging.
ooxml/scripts/validation/redlining.py calls git to generate diffs between document versions.
[EXTERNAL_DOWNLOADS]: The skill references and requires several third-party libraries from official package registries (PyPI and NPM) for document processing, rendering, and image management.
Python: markitdown, defusedxml, python-pptx, Pillow, lxml, and six.
Node.js: pptxgenjs, playwright, react-icons, react, react-dom, and sharp.

pptx