baoyu-slide-deck

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted user content and interpolates it into prompts for an image generation agent.
  • Ingestion points: Untrusted content is ingested from user-provided markdown files or pasted text as defined in SKILL.md (Step 1.2).
  • Boundary markers: Delimiters like --- and Markdown headers are used in references/base-prompt.md, but these do not reliably prevent instructions embedded within the user content from influencing the agent.
  • Capability inventory: The skill can write to the filesystem, execute shell commands via npx, and invoke external image generation capabilities.
  • Sanitization: There is no evidence of input validation, escaping, or filtering of the user-provided content before it is interpolated into the final prompts.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform several shell operations, including environment checks using test -f and test -d in SKILL.md (Steps 1.1 and 1.3). It also executes local scripts via npx -y bun to merge slide images into final documents.
  • [EXTERNAL_DOWNLOADS]: The execution of npx -y bun for merging scripts (scripts/merge-to-pptx.ts and scripts/merge-to-pdf.ts) involves fetching packages from the npm registry at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 03:07 PM