The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Hardcoded Firebase configuration found in references/firebase-config.md. This includes a specific apiKey ("AIzaSyAYQhNavPSce17XtvDC5xnXyl9iUhW9KjA") and project metadata for "teacherstudy-109ef". Hardcoding these credentials directly into templates that are later baked into a publicly deployed index.html is an insecure practice that exposes project infrastructure.
[COMMAND_EXECUTION]: The skill performs several potentially dangerous shell operations to manage project lifecycle.
It executes repository initialization and deployment commands using git and the GitHub CLI (gh). This includes gh repo create and gh api calls that interact with the user's GitHub account.
It invokes local Python scripts and potentially other skills via python "{{DRAW_SKILL_PATH}}" and the included scripts/remove_bg.py.
[EXTERNAL_DOWNLOADS]: The skill generates HTML templates that fetch resources from external Content Delivery Networks (CDNs).
It downloads the Reveal.js framework and CSS from cdn.jsdelivr.net.
It downloads the Firebase SDK from www.gstatic.com and a wordcloud library from cdn.jsdelivr.net. These sources are well-known technology providers.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted external data with high-privilege capabilities.
Ingestion points: Reads arbitrary content from any teaching material provided by the user, including text, Markdown, and PDF files as described in SKILL.md (Section 0).
Boundary markers: Absent. The skill does not employ delimiters or explicit instructions to ignore commands embedded within the ingested materials.
Capability inventory: The skill has permissions to create and push to GitHub repositories, write local files, and execute shell commands/scripts.
Sanitization: Absent. There is no evidence of input validation or content filtering before the ingested data is used to generate the slide structure and code.

html-slide-builder