The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts pack.py and thumbnail.py utilize subprocess.run to execute external system tools like soffice and pdftoppm for document conversion tasks. Additionally, the unpack.py script uses the standard zipfile module's extractall method without path validation, which is susceptible to ZipSlip directory traversal if a malicious PPTX file contains entries with .. path segments. \n- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it renders presentation content into HTML slides that are then processed by a browser engine via Playwright in html2pptx.js. Maliciously formatted text in a source document could potentially influence the AI agent or the rendering environment. \n
Ingestion points: User-provided .pptx files parsed by inventory.py and markitdown. \n
Boundary markers: No explicit delimiters or boundary instructions are used when the agent generates the HTML templates for rendering. \n
Capability inventory: The skill can execute system commands via subprocess.run and write to the local file system. \n
Sanitization: No automated content sanitization or escaping is provided in the provided library code.

pptx