mermaid-flowchart-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill is designed to process user requests for flowchart generation and has access to high-privilege tools such as Bash and Write. While this creates a vulnerability surface for indirect prompt injection, no active exploitation logic is present.
      • Ingestion points: User requests mentioning "mermaid flowchart generator".
      • Boundary markers: Absent from the skill definition.
      • Capability inventory: Access to Bash, Write, Edit, Read, and Grep tools.
      • Sanitization: No explicit sanitization or instructions to isolate user-provided data from command execution are provided.
  • Command Execution (SAFE): The skill requests the Bash tool, which is a powerful capability. However, there are no predefined shell commands, script execution logic, or suspicious subprocess calls within the skill file itself.
  • Metadata Analysis (SAFE): The metadata fields (name, author, license) appear legitimate and consistent with the stated purpose of generating Mermaid diagrams.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:09 PM