plantuml

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The wrapper script scripts/generate-diagram.sh passes all provided command-line arguments directly to the plantuml binary using the "$@" pattern. The quoting is correct (arguments are not word-split or glob-expanded), but nothing constrains which arguments reach the tool: the agent can select any flag plantuml supports, including those that choose where output is written, with no allowlist in between.
  • [PROMPT_INJECTION]: The skill is designed to process diagram definitions (Category 8 surface), which may be sourced from untrusted external data such as pull request descriptions or user-provided files. Malicious instructions embedded in these definitions could attempt to influence the agent's behavior.
      • Ingestion points: diagram code provided in .puml files or via stdin, as described in SKILL.md.
      • Boundary markers: none identified; diagram content is passed directly to the generation tool.
      • Capability inventory: subprocess execution of plantuml, file read access for input files, and file write access for output diagrams.
      • Sanitization: no sanitization or validation of the diagram content is performed before processing.
  • [DATA_EXFILTRATION]: The PlantUML preprocessor supports the !include directive (and the related !includeurl, !includesub and !include_once forms), as the C4 architecture examples in SKILL.md show. A malicious diagram definition could use it to pull sensitive local files (e.g., .env, SSH configuration) into the diagram source, where the text can surface in the rendered image, for example inside a note block, facilitating data exposure. Whether such reads succeed depends on PlantUML's security profile (PLANTUML_SECURITY_PROFILE): the legacy default for command-line use is permissive, so a wrapper should set a restrictive profile explicitly rather than rely on that default.
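The two concrete findings above, the unrestricted "$@" pass-through and the unchecked !include directives, both come down to the wrapper trusting its inputs. The script below is an added example written for this audit, not the skill's own scripts/generate-diagram.sh: it replaces the pass-through with an output-format allowlist and a path check, refuses diagram sources whose include directives name anything other than a PlantUML standard-library module (the <C4/...> form the C4 examples use), and pins PLANTUML_SECURITY_PROFILE=SANDBOX as a second layer. The allowed formats, the exit codes and the stdlib-only include policy are assumptions for illustration; PLANTUML_SECURITY_PROFILE is PlantUML's own setting, and the supported profile names should be confirmed against the PlantUML version in use.

```shell
#!/usr/bin/env bash
# Hardened wrapper sketch (added example; not the audited scripts/generate-diagram.sh).
# It replaces the "$@" pass-through with an argument allowlist and refuses
# diagram sources that carry preprocessor include directives, unless the
# target is a PlantUML standard-library module such as <C4/C4_Context>.
set -eu

# Output formats the wrapper is willing to request from plantuml (assumed policy).
ALLOWED_FORMATS="png svg txt"

# validate_format FMT -> 0 if FMT is allowlisted, 1 otherwise.
validate_format() {
    fmt=$1
    for ok in $ALLOWED_FORMATS; do
        [ "$fmt" = "$ok" ] && return 0
    done
    return 1
}

# validate_input PATH -> 0 if PATH is a readable .puml/.plantuml file given as a
# relative path with no '..' components and no leading '-', so it can be placed
# on the plantuml command line without being mistaken for an option.
validate_input() {
    path=$1
    case $path in
        /*|-*|..|../*|*/../*|*/..) return 1 ;;
    esac
    case $path in
        *.puml|*.plantuml) ;;
        *) return 1 ;;
    esac
    [ -f "$path" ] && [ -r "$path" ]
}

# scan_includes FILE -> 0 if every include directive targets a standard-library
# module (<Name/Module>), 1 otherwise. FILE may be '-' for stdin. Offending
# lines are reported on stderr with their line numbers.
scan_includes() {
    # The first grep collects every !include variant (!include, !includeurl,
    # !includesub, !include_many, !include_once); the second drops the
    # standard-library form, leaving only directives that name a local path or URL.
    grep -n -i -E '^[[:space:]]*!include' "$1" \
        | grep -v -i -E '^[0-9]+:[[:space:]]*!include[[:space:]]+<[A-Za-z0-9_./-]+>[[:space:]]*$' >&2 \
        || return 0
    return 1
}

# generate_diagram FMT INPUT -> runs the checks, then invokes plantuml with the
# restrictive SANDBOX security profile so that an include directive which
# somehow evades the scan still cannot read local files or fetch URLs.
# Returns 2 for a rejected argument, 3 for a rejected diagram source (assumed codes).
generate_diagram() {
    fmt=$1
    input=$2
    validate_format "$fmt"  || { echo "rejected output format: $fmt" >&2; return 2; }
    validate_input "$input" || { echo "rejected input path: $input" >&2; return 2; }
    scan_includes "$input"  || { echo "rejected: include directive in $input" >&2; return 3; }
    PLANTUML_SECURITY_PROFILE=SANDBOX plantuml "-t$fmt" "$input"
}

# Only act as a CLI when invoked under the wrapper's own name, so the functions
# can be sourced (or tested) without triggering a plantuml run.
case ${0##*/} in
    generate-diagram.sh) generate_diagram "$@" ;;
esac
```

Invoke it as generate-diagram.sh png diagrams/context.puml. The include scan is deliberately a denylist with one carve-out: the bundled standard library cannot reach the filesystem, so <C4/C4_Context> passes, while !include /etc/passwd, !include .env and !includeurl https://... are all rejected before plantuml ever starts. Teams that vendor their own .puml libraries would extend the allow pattern to a fixed relative directory rather than drop the check, and keep the SANDBOX profile regardless, since it is the layer that holds even when the scan misses something.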
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:14 AM