The Agent Skills Directory

[COMMAND_EXECUTION]: The script md_to_pptx.py invokes ffmpeg and ffprobe to handle video metadata and frame extraction. These calls are implemented using subprocess.run with argument lists rather than shell strings, which is a secure practice that prevents command injection.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from the local project environment. Evidence Chain: 1) Ingestion points: Git commit messages and experiment log files (e.g., metrics.json, *.log) scanned in Phase 2; 2) Boundary markers: explicit instructions to remain factual, avoid editorializing, and use a restricted markdown schema; 3) Capability inventory: file-write operations and execution of local conversion scripts; 4) Sanitization: a mandatory Phase 4 review step where the agent must present the outline for user approval before generating the final presentation. This mitigates the risk of the agent following malicious instructions embedded in project logs.
[EXTERNAL_DOWNLOADS]: The skill documentation recommends installing standard, well-known dependencies such as python-pptx, Pillow, and puppeteer. These are legitimate libraries required for document generation and diagram rendering.

results-to-slides