diagram-creator
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is instructed to process sensitive file types such as `.env`, `.tf`, and `Dockerfile` in the Input Handling section of SKILL.md. This behavior can lead to the exposure of credentials and infrastructure secrets within the generated HTML diagrams saved to the local disk.
- [COMMAND_EXECUTION]: According to the Output section in SKILL.md, the skill executes local system commands (`open` on macOS or `xdg-open` on Linux) to display the resulting HTML file. Generating a script-bearing file from untrusted input and then immediately opening it in a browser is a risky execution pattern.
- [PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection because it consumes arbitrary content from a wide range of file types to drive its diagramming logic.
  - Ingestion points: Reads arbitrary file content via the agent's file system tools as defined in SKILL.md.
  - Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings for processing untrusted file content.
  - Capability inventory: File writing (saving HTML) and system command execution (opening the browser).
  - Sanitization: Absent. No sanitization or validation of input content is mentioned; the agent is told to "intelligently extract" whatever is found in the provided files.