baoyu-slide-deck

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE

Categories reviewed: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts (scripts/merge-to-pdf.ts and scripts/merge-to-pptx.ts) using the bun runtime or npx to perform file processing and format conversion. This is a standard functional requirement for merging generated images.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y bun as a fallback mechanism to ensure the bun runtime is available. bun is a well-known development tool, and its use here follows established developer workflows.
  • [DATA_EXFILTRATION]: The skill reads and writes configuration and session data in the user's home and project directories (e.g., .baoyu-skills/baoyu-slide-deck/EXTEND.md). This access is limited to the skill's own operational data and does not involve accessing sensitive system credentials or exfiltrating data to external servers.
  • [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection, since it processes user-provided content for slide generation. It mitigates this risk through a mandatory multi-step confirmation policy (Steps 2, 4, and 6) in which the agent must wait for user approval after generating the outline and prompts, and before performing expensive or impactful actions such as image generation.
  • Ingestion points: User-provided content is ingested during the analysis phase (Step 1.2).
  • Boundary markers: The workflow uses a structured transition from raw content to a markdown outline, providing clear checkpoints for the user to review the agent's interpretation.
  • Capability inventory: The skill can perform file system operations (read/write) and execute shell commands via the bun runtime for script execution.
  • Sanitization: The skill follows a strict analysis framework (references/analysis-framework.md) that requires the agent to deconstruct and reformat the input into a specific schema before further processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 25, 2026, 05:39 AM
Security Audit — agent-trust-hub — baoyu-slide-deck