beautiful-mermaid

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The scripts/render.ts file includes an ensurePackage function that automatically triggers npm install or bun add for the beautiful-mermaid library if it is missing from the environment. This represents dynamic dependency fetching at runtime.
  • [COMMAND_EXECUTION] (MEDIUM): The script uses node:child_process.execSync to run shell commands for installing dependencies. While the package name is currently hardcoded, using shell execution for environment setup is a risky pattern that bypasses static dependency management.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The script implements a 'download and execute' pattern by installing the beautiful-mermaid package and immediately loading it into the process via await import(). This is a potential vector for supply-chain attacks.
  • [PROMPT_INJECTION] (LOW): A vulnerability surface for indirect prompt injection exists in the diagram rendering pipeline.
      • Ingestion points: User-controlled Mermaid syntax provided via the --code or --input arguments in scripts/render.ts.
      • Boundary markers: No explicit delimiters or instructions are used to treat the Mermaid code as untrusted data.
      • Capability inventory: The skill possesses the ability to write to the filesystem (writeFileSync), execute shell commands (execSync), and trigger browser-based rendering through the agent-browser dependency.
      • Sanitization: Absent. The scripts/create-html.ts file interpolates the raw ${svgContent} directly into an HTML template. If the Mermaid library outputs an SVG containing malicious scripts (XSS), those scripts would execute when the HTML wrapper is opened in a browser.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:39 PM