visual-explainer

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The sharing mechanism implemented in share.sh deploys generated HTML content to Vercel. These deployments are public and unauthenticated by default, so any sensitive data the agent includes in a visualization (such as system architecture, code diffs, or data audits) becomes accessible to anyone holding the URL once the /share command is used.
  • [COMMAND_EXECUTION]: The skill runs local shell commands for several operations. It uses open or xdg-open to display generated HTML, runs "which surf" to check whether the image generation tool is installed, and executes the share.sh script. The share.sh script in turn executes a deployment script from the vercel-deploy skill.
  • [EXTERNAL_DOWNLOADS]: The generated HTML templates pull dependencies from well-known external sources: JavaScript libraries (Mermaid.js, Chart.js, anime.js) from jsdelivr.net and typography from fonts.googleapis.com. The browser downloads these assets whenever a generated file is opened.
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection because it ingests untrusted data from the agent's context and interpolates it directly into HTML and JavaScript templates.
  • Ingestion points: Data extracted from the environment (e.g., code changes, technical specs, email summaries) that is passed to the visualization templates.
  • Boundary markers: The templates do not utilize specific delimiters or boundary markers to distinguish between the visualization's structural code and the untrusted data being displayed.
  • Capability inventory: The skill can write files to the local system (~/.agent/diagrams/), execute shell scripts (share.sh), and interact with local CLI tools (surf).
  • Sanitization: No explicit HTML escaping or input sanitization logic is evident in the templates to prevent malicious data from influencing the page execution or layout.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:27 AM