powerpoint-automation

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads content and images from URLs provided as user input. This behavior is mediated through the urllib.request library in Python (create_from_template.py) and the https module in Node.js (create_pptx.js). This is standard functionality for converting web articles into presentations.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it fetches and summarizes content from untrusted web sources. This content is then processed by the Summarizer and Localizer agents.
      • Ingestion points: Web content is fetched based on user-provided URLs in classify_input.py and converted to text/images.
      • Boundary markers: While structured data is validated against schemas (validate_content.py), natural language data interpolated into agent instructions lacks explicit delimiters to prevent control token injection.
      • Capability inventory: The skill can write files to the local system and execute internal scripts to manage the workflow.
      • Sanitization: Filenames derived from external keywords are sanitized using regular expressions, but the textual content remains un-sanitized for the agents.
  • [COMMAND_EXECUTION]: Several scripts (resume_workflow.py, create_from_template.py, and pptx-signature.js) use the subprocess (Python) and child_process (Node.js) modules to execute local commands. These are primarily used for gathering Git repository information or orchestrating internal validation and generation scripts. Inputs to these commands are generally sanitized or derived from trusted internal logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 08:18 AM