The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/render.ts utilizes child_process.execSync to run package management commands such as npm install or bun add if the beautiful-mermaid library is not present in the environment.\n- [EXTERNAL_DOWNLOADS]: The skill is designed to dynamically fetch and install the beautiful-mermaid package from the NPM registry at runtime if it is not already available.\n- [PROMPT_INJECTION]: The scripts/create-html.ts script constructs an HTML wrapper by directly interpolating SVG content generated from user-provided Mermaid code into a template. This architecture presents a surface for indirect prompt injection, as malicious Mermaid syntax could lead to the execution of arbitrary scripts when the agent views the resulting HTML file in a browser.\n
Ingestion points: Untrusted Mermaid code is ingested via the --code or --input arguments in scripts/render.ts.\n
Boundary markers: There are no boundary markers or instructions to ignore embedded commands when processing the Mermaid code.\n
Capability inventory: The skill workflow involves shell command execution for package management, file system writes for generating diagrams, and the use of agent-browser to open local files.\n
Sanitization: The skill does not perform sanitization or validation on the Mermaid code or the resulting SVG content before embedding it into the HTML wrapper.

beautiful-mermaid