case-study

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's primary function is to generate a Node.js script (generate-case-study.js) and execute it to produce a PowerPoint file. This 'Dynamic Execution' (Category 10) of runtime-generated code is a security risk because any failure to sanitize user-provided text (transcripts/notes) that is embedded in the script's contents could lead to arbitrary code execution on the host system.
  • [COMMAND_EXECUTION]: The workflow requires the execution of multiple shell commands, specifically node generate-case-study.js for generation and python -m markitdown for content validation. This demonstrates active use of the host's command-line environment for critical tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
      ◦ Ingestion points: Phase 3 ingests raw narrative data from external transcripts, notes, and briefs.
      ◦ Boundary markers: The instructions do not establish boundary markers or 'ignore' guidelines to isolate the narrative data from the script generation logic.
      ◦ Capability inventory: The agent possesses capabilities to read files, write files, and execute shell commands.
      ◦ Sanitization: There is no evidence of input validation or sanitization routines to handle potentially malicious payload strings in the source data.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of numerous external dependencies from NPM (pptxgenjs, react-icons, react, react-dom, sharp) and PyPI (markitdown, Pillow). While these are well-known packages, they represent a broad external dependency chain that must be maintained securely.
  • [DATA_EXFILTRATION]: The CSS extraction feature (Phase 2) allows the agent to navigate to arbitrary URLs provided by the user and execute JavaScript to harvest styling data. This capability could be abused for Server-Side Request Forgery (SSRF) or to probe internal network resources and configuration files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 08:42 PM