skills/aisa-group/skill-inject/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security violations were detected.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in several scripts (thumbnail.py, pack.py, redlining.py) to execute standard command-line tools like LibreOffice (soffice), Poppler (pdftoppm), and git. These calls are localized to the skill's primary functions (converting slides to images and validating document integrity) and do not incorporate unvalidated user input into shell commands.
  • [EXTERNAL_DOWNLOADS]: Dependencies are limited to standard, well-known libraries from official registries (PyPI and NPM), such as python-pptx, playwright, and sharp. The markitdown tool is also a standard utility for text extraction.
  • [DATA_EXFILTRATION]: No network operations or credential harvesting patterns were found. Local file access is restricted to the workspace and temporary directories used for document processing.
  • [PROMPT_INJECTION]: Instructions focus on teaching the AI agent how to use the provided tools. No behavior override markers or safety filter bypass attempts were detected.
  • [DATA_EXPOSURE]: The skill uses defusedxml for XML parsing, which provides effective mitigation against XML External Entity (XXE) and other XML-based attacks when processing untrusted PowerPoint or Word files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 08:17 PM