skills/erafat/skills/frontend-slides/Gen Agent Trust Hub

frontend-slides

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to generate a Python script named 'slide_helper_server.py' that utilizes the 'subprocess' module to execute system commands (specifically macOS 'open' commands). While the provided template limits execution to specific applications, it establishes a functional bridge for executing shell commands from the browser.
  • [REMOTE_CODE_EXECUTION]: The generated 'slide_helper_server.py' establishes a local HTTP server on port 8765 that exposes command execution endpoints. This server lacks any form of authentication or authorization and explicitly enables Cross-Origin Resource Sharing (CORS) from any origin ('Access-Control-Allow-Origin: *'). This configuration allows any malicious website visited by the user to potentially trigger command execution on the host machine if the server is running.
  • [PROMPT_INJECTION]: The skill provides functionality to convert PowerPoint files (.ppt, .pptx) into HTML presentations. This process involves extracting text and content from external, potentially untrusted files. This creates an indirect prompt injection surface where a malicious presentation could contain instructions designed to manipulate the agent's behavior during the conversion and code generation phases.
  • [EXTERNAL_DOWNLOADS]: The skill references external CSS and font assets from well-known services including Google Fonts ('fonts.googleapis.com') and Fontshare ('api.fontshare.com'). Additionally, the skill requires the installation of the 'python-pptx' and 'google-generativeai' Python packages. These resources are from established providers and the references are documented neutrally.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 26, 2026, 09:05 AM