The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the Playwright framework and the Chromium browser binary for its screenshot functionality. These dependencies are fetched from official registries (npm) and reputable sources (Microsoft). Based on the nature of the tool, these downloads are expected and safe.\n
Evidence: package.json includes playwright as a dependency, and the npm run setup command installs the required Chromium browser.\n- [COMMAND_EXECUTION]: The skill includes a custom Node.js script (screenshot-slides.js) to automate the rendering and capturing of slides.\n
Evidence: The script iterates through a local directory of HTML files and launches a headless browser instance to capture PNG images. It is executed via the command line with a project-specific directory name as an argument.\n- [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface, which is inherent to its function of rendering user-provided content into HTML.\n
Ingestion points: User-supplied topics, bullet points, and branding handles are interpolated directly into HTML/CSS templates in SKILL.md.\n
Boundary markers: No explicit sanitization or delimiters are defined in the templates; the skill relies on the underlying agent's formatting capability.\n
Capability inventory: The generated HTML is rendered by the screenshot-slides.js tool using a browser context. While this provides a potential surface for script-based injection if the agent generates malicious HTML, the impact is mitigated by standard browser sandboxing of the file:// origin.\n
Sanitization: The skill assumes content generated by the agent is safe for rendering within the provided square-format templates.

create-html-carousel