The Agent Skills Directory

[PROMPT_INJECTION]: The skill ingests untrusted data by reading and cataloging existing .pptx files during editing or redesign workflows. This creates an indirect prompt injection surface where a malicious file could attempt to influence the agent's behavior.
Ingestion points: Existing presentations are read via the python-pptx library as seen in the SKILL.md and references/python-pptx-reference.md workflows.
Boundary markers: The skill does not implement explicit delimiters or instructions to isolate ingested content from its own control logic.
Capability inventory: The agent can execute shell commands (osascript, pip) and has full file-write access to the local system.
Sanitization: Implements XML character escaping for generated content.
[REMOTE_CODE_EXECUTION]: The skill includes logic in references/audit-system.md to dynamically load and execute an optional Python module (pptx_audit.py) from a local directory (~/.claude/skills/pptx-audit-and-fix/) using importlib.
Evidence: The 'Pass B' section of the audit system contains code that checks for the existence of the sister skill and executes its module if found.
Note: This dynamic loading targets a specific local path within the agent's workspace and is used for its primary auditing purpose, mitigating the risk compared to arbitrary remote loading.
[COMMAND_EXECUTION]: The skill uses osascript to control the Microsoft PowerPoint application lifecycle and navigate slides. It also uses pip for dependency management and screencapture for visual verification. These commands are consistent with the skill's stated purpose of automating macOS applications.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of well-known Python packages including python-pptx, lxml, and Pillow from standard registries. These are trusted dependencies commonly used for presentation and image processing.

pptx-design