visual-tx
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The generated HTML template references several external libraries including Mermaid.js, Chart.js, and anime.js via the JSDelivr CDN. These are well-known technology services used for rendering the visual elements of the transaction report.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs an outgoing network request to mevscan.matroos.xyz to retrieve transaction trace data. This domain is a verified vendor resource belonging to the skill's author (matrooslabs) and is used exclusively for its intended analytical purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external transaction data to populate its visualization templates. This represents an indirect prompt injection surface where maliciously crafted transaction data could attempt to influence the agent or the rendering process. However, the risk is mitigated by the structured nature of the data processing and its use in static HTML reports.
  - Ingestion points: Fetches data from mevscan.matroos.xyz/api/tree/ in SKILL.md.
  - Boundary markers: The data is used to populate specific UI components defined in references/css-patterns.md and templates/reference.html.
  - Capability inventory: Uses Bash(curl), Bash(mkdir), and Bash(open/xdg-open) to manage and display the report.
  - Sanitization: The skill maps the JSON response to a predefined action schema documented in references/tree-json.md before rendering.