slides
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess.run and spawnSync to invoke legitimate system utilities such as LibreOffice (soffice), Inkscape, ImageMagick (magick), and font utilities (fc-list, fc-match). These are used for document conversion, image rasterization, and font discovery as part of the primary purpose of the skill. All commands are constructed using list-based arguments, preventing shell injection vulnerabilities.
- [DATA_EXPOSURE]: Analysis of the Python and JavaScript components confirms that file access is restricted to input presentation files and temporary rendering artifacts. There are no hardcoded credentials or unauthorized data exfiltration patterns.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. All dependencies are well-known libraries and standard system packages mentioned in the documentation.
Audit Metadata