google-slides-skill
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads images from user-specified URLs in the add-image command and retrieves slide thumbnails from Google-hosted URLs in the thumbnails command.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from existing presentations and comments.
  - Ingestion points: Slide text and metadata are ingested in cmd_get, and presentation comments are ingested in cmd_comments (slides_skill.py).
  - Boundary markers: The retrieved content is provided to the agent as raw JSON data without any delimiters or instructions to ignore potential instructions embedded in the text.
  - Capability inventory: The skill provides extensive capabilities to create presentations, modify content, and export data to the local file system (slides_skill.py: cmd_create, cmd_add_text, cmd_export).
  - Sanitization: The skill does not perform any sanitization or validation of the text retrieved from the Google API before passing it to the agent.