deck-builder
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates a Python script at runtime to automate the creation of PowerPoint files. This script is constructed using content parsed from external documents provided by the user via a URL or file path. This pattern of dynamic script generation from untrusted inputs presents a risk of command injection if the input content is not rigorously sanitized before being embedded into the script.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to automatically install the python-pptx package from the public Python Package Index (PyPI) if it is missing from the environment. Although this is a widely used and legitimate library, automated package installation at runtime is an external dependency that should be monitored.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes content from external URLs and files. This external data is used to drive the presentation structure and generate the Python code, providing an opportunity for malicious instructions within the source documents to attempt to influence the agent's behavior.
  - Ingestion points: The skill fetches source material from user-provided URLs or file paths in the 'Read the source document' section.
  - Boundary markers: The skill lacks explicit instructions or markers to isolate untrusted content from its internal instruction logic.
  - Capability inventory: The skill can install software via pip, write files to the local system, and execute shell commands/scripts.
  - Sanitization: No specific sanitization or escaping of the text extracted from source documents is documented before it is used in the script generation process.