codex-ppt

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's bootstrap process in scripts/codex_ppt_runtime.py downloads required Python dependencies from the official PyPI registry into a managed virtual environment located in the user's home directory.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/codex_ppt_runtime.py to create a virtual environment and install packages. These calls are implemented securely using argument lists rather than shell strings, preventing potential command injection.
  • [CREDENTIALS_UNSAFE]: The skill manages OPENAI_API_KEY by storing it in ~/.codex-ppt-skill/.env. It implements a security best practice by explicitly setting the file permissions to 0600 (read/write only for the owner), which mitigates the risk of credential exposure to other users on the system.
  • [PROMPT_INJECTION]: The skill ingests untrusted user content (such as articles or reports) and interpolates it into prompts for image generation models, creating an indirect prompt injection surface.
    ◦ Ingestion points: User-provided text, articles, or reports processed via SKILL.md and passed to scripts/image_gen.py.
    ◦ Boundary markers: The skill uses a structured JSON visual brief to separate system-level style instructions from user-provided content, providing some protection against instruction overriding.
    ◦ Capability inventory: The skill has the capability to perform network requests to external APIs, write files to the local filesystem, and execute subprocesses for runtime management.
    ◦ Sanitization: There is no explicit sanitization or keyword filtering of the user-provided text before it is inserted into the generation prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 02:27 AM