draw-io
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found in the documentation or script comments.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive files (e.g., credentials or SSH keys) or perform network operations. No hardcoded secrets were detected.
- [Obfuscation] (SAFE): No encoded or hidden content, such as Base64-encoded strings or zero-width characters, was detected in any of the files.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill relies on local scripts and standard CLI utilities (drawio, git). It does not perform remote script downloads or piped execution.
- [Privilege Escalation] (SAFE): No use of sudo, chmod 777, or other privilege escalation techniques was detected. The scripts run with standard user permissions.
- [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or system services to maintain persistence.
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted .drawio XML files, presenting a potential surface for indirect prompt injection if diagram labels contain malicious instructions.
  - Ingestion points: .drawio XML files are processed by scripts/convert-drawio-to-png.sh and read by the agent.
  - Boundary markers: Absent in the current implementation.
  - Capability inventory: Shell execution of the drawio CLI and local file modification via git add.
  - Sanitization: No content-based sanitization is performed on the XML data.
- [Dynamic Execution] (SAFE): The skill does not use eval(), exec(), or any form of runtime code generation or compilation.
Audit Metadata