ckm-design-system
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/slide-token-validator.py uses subprocess.run to call a local HTML validation utility. This execution is performed safely using a list of arguments to prevent shell injection and is used for internal process coordination.
- [EXTERNAL_DOWNLOADS]: The skill references standard web assets from well-known services, specifically Google Fonts for typography and Pexels for slide backgrounds. These are legitimate uses consistent with the skill's purpose.
- [SAFE]: The HTML generation logic in scripts/generate-slide.py incorporates security best practices by escaping user-supplied content and validating URL schemes before embedding them in output files, effectively mitigating potential injection risks.
Audit Metadata