drawio-diagram-forge

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a high vulnerability to indirect prompt injection (Category 8) because its primary workflow involves ingesting and acting upon untrusted external data.
  • Ingestion points: Processes inputs/requirements.md, images, and Excel files to drive an 'Orchestrator' agent.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external file content as data rather than instructions.
  • Capability inventory: The agent can write files to the outputs/ directory and execute a Python validation script.
  • Sanitization: While HTML encoding is mentioned for XML structural integrity, there is no sanitization to prevent the agent from obeying instructions embedded within the requirements files.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Automated scanners (URLite) flagged the file requirements.md as containing a blacklisted URL. While the content of this file was not provided in the snippet, the reference in SKILL.md suggests the skill is intended to interact with or process data from potentially malicious sources.
  • [COMMAND_EXECUTION] (LOW): The skill executes scripts/validate_drawio.py. A manual audit of this script confirms it uses safe, standard libraries (xml.etree.ElementTree, pathlib) for local XML validation and does not perform network requests or arbitrary command execution.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:54 PM