skills/eoash/ash-skills/svg-diagram/Gen Agent Trust Hub

svg-diagram

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The function mermaidToSvg in SKILL.md uses child_process.execSync to execute a shell command string constructed from user-supplied options. Because variables such as width, height, and bgColor are concatenated into the string without sanitization or escaping, an attacker could inject arbitrary shell commands if these values are derived from untrusted input.
  • [REMOTE_CODE_EXECUTION]: The skill executes npx mmdc to perform diagram rendering. This command dynamically downloads and runs the mermaid-cli package from the npm registry at runtime, which constitutes remote code execution of unvetted and unpinned external code.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a font stylesheet from cdn.jsdelivr.net to support Korean character rendering in the generated SVG files. This is documented neutrally as a functional dependency on a well-known content delivery service.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes complex, untrusted Mermaid syntax that is subsequently passed to a renderer and shell-based CLI. Ingestion points: mermaidCode and options parameters in mermaidToSvg. Boundary markers: Absent. Capability inventory: execSync (shell access), fs (file system operations), and npx (unvetted remote code execution). Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 03:24 PM