The Agent Skills Directory

[COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute shell commands to perform diagram rendering and environment validation.
Evidence in SKILL.md: The instruction "只要新增或修改了 UML 内容，必须使用 PLANTUML_ASL_JAR 重新渲染成功" (As long as UML content is added or modified, it must be re-rendered successfully using PLANTUML_ASL_JAR).
Evidence in references/plantuml-validation.md: Explicit bash snippets for the agent to execute, such as java -jar "${PLANTUML_ASL_JAR}" -tsvg /tmp/uml-smoke.puml -o /tmp.
The skill also directs the use of shell utilities like rg (ripgrep) and find to verify file contents and structures in the workspace.
[REMOTE_CODE_EXECUTION]: The skill directs the execution of an external binary (Java JAR) whose path is determined dynamically at runtime via the PLANTUML_ASL_JAR environment variable. This dynamic loading from a computed path allows for arbitrary code execution if the environment variable points to a malicious file.
[PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection (Category 8). It ingests untrusted business requirements from the user and interpolates them into a .puml file which is then processed by a shell-based renderer. While the instructions include formatting checks (e.g., checking for specific泛型 tags using rg), there is no comprehensive sanitization of user-provided content before it is passed to the external java -jar process.

eliteforge-java-uml