powerpoint
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Standard Tool Installation: The instructions provide commands to install the uv package manager from its official source. This is a routine setup step for the tool's environment.
- Validated Script Execution: The skill supports custom Python logic for complex slides through content-extra.py files. To mitigate potential risks, the build process includes an AST-based validator that restricts imports to an allowlist of safe modules and blocks potentially risky built-in functions.
- Hardened Image Processing: During content extraction, the skill performs security checks on embedded images, including magic-byte validation for WMF/EMF files and hardened XML parsing for SVG content to prevent XML External Entity (XXE) attacks.
- System Tool Integration: The pipeline utilizes established system utilities like LibreOffice and Poppler for document conversion and rendering. These are standard dependencies for the skill's export and validation features.
- Indirect Prompt Injection Surface: The skill ingests data from YAML configuration files and slide content. While these are used to drive document generation, the skill implements code validation and restricted namespaces for associated scripts to maintain a secure execution environment.
Audit Metadata