html-ppt

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides utility shell scripts, new-deck.sh and render.sh, which perform file system operations like creating directories and using sed for path rewriting, and execute Google Chrome in headless mode for exporting slides to PNG format.
  • [COMMAND_EXECUTION]: In the testing-safety-alert template, destructive command examples (e.g., rm -rf /) are represented using HTML entity encoding (m, o) to prevent automated security scanners from flagging the presentation text as executable malicious code.
  • [EXTERNAL_DOWNLOADS]: The skill's HTML templates download third-party libraries and fonts from public CDNs, specifically cdn.jsdelivr.net for chart.js and highlight.js, and fonts.googleapis.com for web typography.
  • [REMOTE_CODE_EXECUTION]: The fx-runtime.js component dynamically loads and executes canvas-based animation modules from the skill's local assets/animations/fx/ directory by injecting script tags into the document at runtime.
  • [DATA_EXFILTRATION]: The assets/runtime.js file implements a local synchronization mechanism between the audience and presenter windows using the BroadcastChannel API and postMessage to coordinate slide navigation without external network transmission.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where the agent is instructed to populate HTML layout files with user-supplied content.
      ◦ Ingestion points: Instructions in SKILL.md for the agent to replace placeholder demo data in layout files with user-provided text.
      ◦ Boundary markers: Absent; templates do not define explicit delimiters or instructions to ignore embedded commands in user data.
      ◦ Capability inventory: File system writing through new-deck.sh, command execution via render.sh, and local inter-window communication via runtime.js.
      ◦ Sanitization: Absent; the skill lacks validation or escaping mechanisms to prevent user-supplied strings from containing malicious HTML or script tags.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 10:42 AM