The Agent Skills Directory

[COMMAND_EXECUTION]: The render-graphs.js utility script uses the Node.js child_process.execSync module to execute system commands (dot -Tsvg and which dot). This functionality is used to render architectural diagrams from documentation and is restricted to local execution.
[PROMPT_INJECTION]: The skill instructs on the use of 'persuasion principles' (Authority, Commitment, Scarcity) and 'bulletproofing' techniques. These are designed to override an agent's reasoning processes to enforce strict compliance with defined workflows (like TDD). While these methods utilize the same psychological framing as advanced prompt injections, they are applied here as a productivity and discipline-enforcement technique.
[PROMPT_INJECTION]: The render-graphs.js script acts as an ingestion surface for potential indirect prompt injection by parsing SKILL.md files for Graphviz code blocks to execute.
Ingestion points: The script reads content from SKILL.md and other documentation files within provided directories.
Boundary markers: There are no explicit boundary markers used when passing extracted content to the system command.
Capability inventory: The script can execute subprocesses via execSync and perform file system writes to the diagrams directory.
Sanitization: Content is passed to the dot command via stdin rather than command-line arguments, which mitigates standard shell-injection vectors, although the Graphviz syntax itself is not validated.

skill-creator