The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions (Phase 5) direct the agent to generate a .mjs script (generate-ppt.mjs) by populating a template with data extracted from source code and user inputs, then executing it using node. This dynamic script generation and execution pattern presents a risk of code injection if the extracted content is not properly sanitized.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of external Node.js packages, specifically pptxgenjs and marked, to facilitate PPT generation and Markdown-to-HTML conversion.
[DATA_EXFILTRATION]: The workflow suggests starting a local web server using python3 -m http.server 8080 (Phase 4.2) to preview the generated manual and diagrams. This exposes the output directory, which may contain business logic or configurations extracted from source code, to the local network.
[REMOTE_CODE_EXECUTION]: The skill workflow involves downloading third-party packages from NPM and executing locally generated scripts that depend on those packages. While the packages are well-known, the combination of external code and local script generation creates a path for potentially unsafe execution environments.

ops-manual-generator