skills/cristoslc/office-skills/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external command-line utilities to perform document conversions and comparisons. While these invocations use safe argument passing (list-based subprocess calls), they operate on user-supplied files, which could be manipulated.
    • File: scripts/thumbnail.py executes soffice and pdftoppm to generate slide previews.
    • File: ooxml/scripts/pack.py executes soffice during document validation.
    • File: ooxml/scripts/validation/redlining.py executes git diff to validate tracked changes.
  • [PROMPT_INJECTION]: The skill processes untrusted text content from PowerPoint files and HTML templates, creating a surface for indirect prompt injection if the extracted data is subsequently processed by the AI agent without sanitization.
    • Ingestion points: Text is extracted from .pptx files via scripts/inventory.py, and HTML content is rendered in scripts/html2pptx.js.
    • Boundary markers: No explicit boundary markers or ignore-instruction warnings are placed around extracted text in the utility scripts.
    • Capability inventory: The skill has capabilities for file system read/write, network operations (via the Playwright browser), and subprocess execution (soffice, git).
    • Sanitization: The skill uses defusedxml to mitigate XML-based vulnerabilities such as XXE (XML External Entity) attacks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 01:55 PM