design-doc-mermaid

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several Python scripts (extract_mermaid.py, mermaid_to_image.py, and resilient_diagram.py) that interface with the system to render diagrams. These scripts use the subprocess.run method with arguments passed as a list, which effectively mitigates the risk of shell injection. This behavior is necessary for the skill's primary function of converting text to images using the mmdc utility.
  • [EXTERNAL_DOWNLOADS]: The skill references and recommends the installation of @mermaid-js/mermaid-cli via NPM. As a well-known package maintained by the Mermaid.js organization, this dependency is considered safe and does not escalate the security verdict. No other external packages or scripts are downloaded at runtime.
  • [DATA_EXPOSURE]: Documentation examples within the skill, such as those for Spring Boot and Java WebApps, contain placeholder configurations and generic connection strings (e.g., password="secure_password"). These are clearly identified as templates for user guidance and do not represent hardcoded credentials for the skill itself.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process Mermaid diagram code provided by users or extracted from local Markdown files. While this creates a potential surface for indirect prompt injection, where malicious instructions could be embedded in diagram labels, the skill's use of hierarchical loading and specialized guides provides sufficient context to maintain operational focus on diagram generation. The capability to write to the filesystem is restricted to user-specified directories (defaulting to ./diagrams/).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 09:43 AM