Geek-skills-notion-infographic

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements a workflow where a 'Lead Agent' processes research data from sub-agents to generate local JavaScript files (e.g., slide-XX.js). These generated scripts are then executed using the node command. Because the content of these scripts is derived from untrusted web data gathered via web_search and web_fetch, it creates a path for arbitrary code execution if malicious web content is crafted to escape string literals in the generated code.
  • [COMMAND_EXECUTION]: The skill uses shell scripts to orchestrate its agent pipeline. This includes spawning sub-agents via the claude CLI and running Node.js to compile the final PPTX output. The use of shell-based automation across multiple files and directories increases the overall attack surface of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill directs the installation of several external software packages from official registries (NPM and PyPI), such as pptxgenjs, markitdown, sharp, react-icons, react, and react-dom. These downloads are from well-known sources and are required for the skill's primary presentation-generation functionality.
  • [PROMPT_INJECTION]: The skill has a significant exposure to indirect prompt injection. It ingests untrusted data from the public web via research agents and uses that data to influence code generation and design decisions.
      • Ingestion points: Web content is retrieved through web_search and web_fetch operations and stored in the workspace/research-notes/ directory.
      • Boundary markers: There are no explicit delimiters or markers in the prompts to distinguish between retrieved web content and the agent's core instructions.
      • Capability inventory: The agent possesses the capability to write files and execute shell and Node.js commands.
      • Sanitization: The instructions do not describe any mechanisms for validating or sanitizing retrieved web data before it is incorporated into the generated JavaScript code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 26, 2026, 05:23 AM