visual-planner

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The server management script scripts/playground_server.ts uses lsof and kill -9 to terminate processes occupying its preferred network port. It also uses shell commands to automatically launch the system browser and delete build cache directories.
  • [EXTERNAL_DOWNLOADS]: The skill's setup scripts (scripts/create_diagram.ts and scripts/playground_server.ts) automatically execute bun install to download dependencies from public registries if they are not already present.
  • [EXTERNAL_DOWNLOADS]: The playground/package.json file specifies several dependencies with version numbers that do not match official releases or are currently non-existent (e.g., next@16.1.6, zod@^4.3.6, lucide-react@^0.575.0). This pattern is frequently associated with dependency confusion or supply-chain attacks.
  • [DATA_EXFILTRATION]: The playground app's API endpoints (/api/workflow and /api/signal) perform direct file system read and write operations based on a path provided via a command-line argument. This could be used to read or overwrite sensitive files if an improper path is provided to the script.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface through its 'Send to Agent' callback mechanism.
      • Ingestion points: scripts/playground_server.ts reads user-edited diagram files and returns their content directly to the agent's context.
      • Boundary markers: Absent. The diagram data is returned as a raw JSON blob without delimiters or warnings.
      • Capability inventory: The skill has significant capabilities, including file system access, process termination, and automatic package installation.
      • Sanitization: Absent. The diagram JSON is not validated or filtered before ingestion.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 14, 2026, 07:39 PM