presentation-design

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on several local Node.js scripts to automate the presentation workflow. These include export_deck_pdf.mjs, export_deck_png.mjs, export_deck_pptx.mjs, and presentation_svg_pipeline.mjs. These scripts invoke system-level commands and binaries such as chromium (via Playwright), magick (ImageMagick), inkscape, rsvg-convert, and xmllint for rendering and validation. The use of spawnSync with explicit argument arrays reduces the risk of shell injection, and the skill's internal documentation includes security guidelines to mitigate risks associated with processing untrusted SVG inputs.
  • [EXTERNAL_DOWNLOADS]: The skill's HTML templates (html-decks.md) reference standard frontend libraries including React, ReactDOM, and Babel from the unpkg.com CDN. These are well-known technology services used for legitimate development purposes.
  • [DATA_EXFILTRATION]: The skill performs extensive file system operations (reading source HTML/CSS and writing export artifacts) within a localized project directory. It implements a security-focused SVG validation step in presentation_svg_pipeline.mjs and safety.md that explicitly blocks elements and attributes capable of making external network requests (e.g., <script>, external href, data:, url(...) with remote protocols).
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md and the various workflow references are strictly task-oriented and emphasize adherence to specific quality and safety protocols. There are no attempts to override agent safety guidelines or hide malicious instructions.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process user-supplied content into presentations. To mitigate risks from untrusted data, it implements an 'Asset Gate' (asset-gate.md) which requires every visual element to be logged in a manifest and validated against safety rules before being included in a design.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 10:44 AM