
plantuml-ascii

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Privilege Escalation] (HIGH): The documentation explicitly instructs the use of sudo apt-get install and sudo yum install. These commands acquire administrative privileges, which is a high-risk operation for an AI agent to perform or suggest in a standard workflow.
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill suggests downloading a JAR file from https://github.com/plantuml/plantuml/releases/download/v1.2024.0/plantuml-1.2024.0.jar and executing it with java -jar. Since the plantuml GitHub organization is not on the provided trusted list, this constitutes an untrusted remote code execution vector.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user data (diagram definitions) and passes it to the Bash tool to generate output. There are no sanitization steps or boundary markers to prevent the input from potentially containing malicious instructions targeted at the agent or the underlying shell environment.
  • Ingestion points: User-provided PlantUML text passed to the agent to create files.
  • Boundary markers: None; diagrams are written directly to files and processed.
  • Capability inventory: Uses Bash for command execution, Write for file creation, and Read for viewing results.
  • Sanitization: No escaping or validation is performed on the user-provided diagram content before shell processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:49 PM