ppt-creator

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for environment setup and document processing, including package management and CLI tools like npm, marp, and uv.
  • [COMMAND_EXECUTION]: The orchestration documentation explicitly suggests using sudo to resolve permission errors during the global installation of NPM packages, which constitutes an instruction for privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill attempts to download and install external software at runtime, specifically requesting the global installation of the @marp-team/marp-cli package from the NPM registry and potentially using Homebrew or Docker.
  • [REMOTE_CODE_EXECUTION]: The orchestration workflow involves the dynamic generation and execution of Python scripts (generate_charts.py and insert_charts_marp.py) based on templates provided in the reference files, which are then executed by the agent to manipulate data and files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user input—such as presentation topics and external data files (CSV, JSON, Excel)—and processes them into executable scripts or commands without explicit sanitization or boundary markers. Evidence:
      • Ingestion points: User-supplied topics via INTAKE.md and data file uploads.
      • Boundary markers: Absent; there are no instructions to delineate or treat user data as untrusted content.
      • Capability inventory: Full access to shell execution (npm, python3, marp), file system write operations, and powerful task tools.
      • Sanitization: Absent; the skill lacks any validation or escaping mechanisms for the data it interpolates into its workflows.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 11, 2026, 02:40 PM
Security Audit — agent-trust-hub — ppt-creator