The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses a dedicated maintenance script to download Noto Sans CJK font binaries from the official Google Noto Fonts GitHub repository (github.com/notofonts/noto-cjk). This is a standard functional requirement for supporting high-quality multi-language PDF rendering and targets a trusted well-known service.
[COMMAND_EXECUTION]: The skill invokes its own local Python script (scripts/download_fonts.py) using subprocess.run to verify font integrity and perform updates. This execution is limited to internal maintenance tasks and does not involve arbitrary or unsanitized user input.
[INDIRECT_PROMPT_INJECTION]: The skill acts as a document renderer that ingests untrusted user content in Markdown, HTML, and JSON formats.
Ingestion points: User-provided text and structured data used as input for the rendering process.
Boundary markers: No explicit security delimiters or ignore-instructions are used during the prompt interpolation process.
Capability inventory: The skill has file system write access for saving generated PDFs, network access for font acquisition, and subprocess execution for maintenance.
Sanitization: Input is processed through structural parsers such as BeautifulSoup and the markdown library, which provides basic formatting safety but is not designed specifically for sanitizing adversarial prompt injection content.

pdf-writer