The Agent Skills Directory

Privilege Escalation (HIGH): The 'references/setup_and_troubleshooting.md' file contains commands requiring 'sudo' for repository configuration and package installation, which presents a risk of unauthorized system modification if executed by an automated agent.
Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection because it processes untrusted external data with high-privilege capabilities. 1. Ingestion points: 'extract_diagrams.py' reads input from user-provided markdown files. 2. Boundary markers: None identified; the script lacks delimiters to prevent the agent from interpreting embedded instructions as commands. 3. Capability inventory: The skill performs file system writes ('mkdir', 'open') and executes shell commands ('mmdc') that launch a headless browser (Puppeteer). 4. Sanitization: While filenames are sanitized to prevent shell injection, the Mermaid diagram content itself is not validated before being passed to the renderer.
External Downloads (HIGH): The setup guide recommends piping a remote key download directly into 'sudo apt-key add', a pattern that executes remote content with root privileges.
Command Execution (MEDIUM): The 'extract-and-generate.sh' script builds and executes command strings based on file content and environment variables, which could lead to unexpected behavior if inputs are crafted maliciously or if path traversal is attempted via the output directory argument.

mermaid-tools