pptx-posters

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute local helper scripts. The commands are constructed using argument lists rather than shell strings, which effectively prevents command injection from user-supplied data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests user-provided text to generate prompts for an external image generation API without using robust boundary markers.
  • Ingestion points: User-provided descriptions for poster figures enter the system via the prompt argument in scripts/generate_schematic.py and are used in scripts/generate_schematic_ai.py (specifically in generate_iterative and improve_prompt).
  • Boundary markers: Absent; user input is concatenated directly with system instructions without delimiters like XML tags or explicit 'ignore embedded instructions' warnings.
  • Capability inventory: The skill has access to the Bash tool and can execute local scripts, as well as system commands like google-chrome and libreoffice for document conversion.
  • Sanitization: No sanitization or validation is performed on the user-supplied prompt before it is sent to the LLM-based image generation service.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to openrouter.ai (a well-known LLM and image model gateway) to perform its primary function. This is a legitimate use of an external service and follows standard API security practices, such as using environment variables for API keys.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 10:50 PM