The Agent Skills Directory

[COMMAND_EXECUTION]: scripts/render_schematic.py uses subprocess.run to execute the Draw.io CLI for diagram rendering and brew for software installation on macOS.
[EXTERNAL_DOWNLOADS]: scripts/nano_banana_client.py makes network requests to the Google Gemini API (generativelanguage.googleapis.com) to generate schematic images.
[EXTERNAL_DOWNLOADS]: scripts/render_schematic.py can automatically trigger a download and installation of Draw.io using the Homebrew (brew) package manager on macOS.
[PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection (Category 8) due to its ingestion of user-controlled data that influences subsequent agent actions.
Ingestion points: scripts/ai_extract_tex.py and scripts/plan_schematic.py read content from user-provided LaTeX files and natural language context.
Boundary markers: The skill interpolates untrusted data into Markdown-based "offline evaluation protocols" (e.g., ai_tex_request.md) inside code blocks, which reduces but does not eliminate the risk of the host AI obeying instructions hidden in the data.
Capability inventory: The skill possesses capabilities for shell command execution (scripts/render_schematic.py), file system writes (scripts/utils.py), and network communication (scripts/nano_banana_client.py).
Sanitization: The skill includes robust path traversal protection via is_safe_relative_path and whitelists configuration changes, but it does not sanitize user data against natural language injection patterns.

nsfc-schematic