The Agent Skills Directory

[Category 4] EXTERNAL_DOWNLOADS (LOW): The skill utilizes Content Delivery Networks (CDNs) to fetch the Reveal.js library, Google Fonts, and styling assets at runtime.
Evidence: README.md states the output is 'Self-contained HTML (CDN-based)'.
[TRUST-SCOPE-RULE]: Loading from common CDNs like cdnjs or Google Fonts is standard practice for this type of tool and is categorized as LOW risk.
[Category 8] INDIRECT_PROMPT_INJECTION (MEDIUM): The skill has a vulnerability surface where malicious instructions or scripts could be injected into the generated presentation if the source data is retrieved from an untrusted external entity.
Ingestion points: SLIDES array content field and PRESENTATION metadata object.
Boundary markers: Absent; the templates appear to trust the content provided to the SLIDES object.
Capability inventory: The skill generates HTML artifacts that are executed in the user's browser or within the AI interface's sandbox (e.g., Claude Artifacts), which could lead to Cross-Site Scripting (XSS).
Sanitization: No explicit sanitization or escaping logic is documented in the layout or theme references, which show raw HTML strings being passed into the template.
[Category 10] DYNAMIC_EXECUTION (LOW): The template-based approach involves assembling an executable HTML document from string fragments provided at runtime.
Evidence: reference/layouts.md shows the use of raw HTML strings for slide structure and content.

web-presentation