excalidraw-skill

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to clone a third-party GitHub repository (https://github.com/yctimlin/mcp_excalidraw) and install its dependencies to set up the required canvas server. While GitHub is a well-known service, the repository is managed by an unverified user.
  • [COMMAND_EXECUTION]: The skill includes multiple Node.js scripts in the scripts/ directory that perform file system operations. Specifically, scripts/create-element.cjs, scripts/import-elements.cjs, and scripts/update-element.cjs read local files, while scripts/export-elements.cjs writes data to the local file system. These scripts use command-line arguments to determine file paths, which could be misused to access or overwrite sensitive files if the agent is not properly constrained.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the canvas scene.
      • Ingestion points: Data enters the agent's context through the describe_scene tool, which returns text labels and element descriptions from the canvas, and get_canvas_screenshot, which provides visual data.
      • Boundary markers: The instructions do not define boundary markers or provide the agent with specific guidelines to ignore or sanitize instructions embedded within diagram labels or text elements.
      • Capability inventory: The skill possesses significant capabilities, including full CRUD operations on diagram elements, local file read/write access via included scripts, and the ability to perform network requests to the configured server URL.
      • Sanitization: There is no evidence of sanitization, validation, or escaping of the text content retrieved from the canvas elements before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 12:09 PM