elite-powerpoint-designer

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to install an external MCP server (@gongrzhe/office-powerpoint-mcp-server) from the NPM registry. This package is provided by an unverified third-party author, which introduces a potential supply chain vulnerability.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted markdown data.
      * Ingestion points: Markdown files are read locally via scripts/analyze_content.py and interpreted by the agent.
      * Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from executing instructions embedded within the user-provided markdown content.
      * Capability inventory: The skill executes local Python scripts and utilizes an MCP server with file-system write capabilities to generate presentations.
      * Sanitization: The analysis script does not perform any sanitization or filtering of the input markdown text to detect or mitigate potential injection attacks.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md refer to a missing validation script (scripts/validate_consistency.py). While not inherently malicious, the instruction for the agent to execute a non-existent or external script represents a breakdown in skill integrity.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 15, 2026, 08:18 AM