The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the npx --yes @mermaid-js/mermaid-cli command to render Mermaid diagram definitions into PNG files. This execution is central to the skill's advertised purpose and utilizes a standard, reputable tool.
[EXTERNAL_DOWNLOADS]: The use of npx involves downloading the @mermaid-js/mermaid-cli package from the official npm registry. As this is a well-known package from a trusted organization, it is considered a legitimate and safe dependency for the intended task.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it converts user-provided data into Mermaid diagram code. 1. Ingestion points: User requests for diagrams, flowcharts, and other visualizations in SKILL.md. 2. Boundary markers: There are no explicit delimiters or instructions for the agent to sanitize or ignore instructions embedded within the user-provided diagram descriptions. 3. Capability inventory: The skill creates files (.mmd, .png) and executes shell commands (npx) as part of its rendering workflow. 4. Sanitization: The instructions do not specify any validation or sanitization steps for the user-influenced diagram content or file names.

mermaid-diagram