mermaid

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The script tools/validate.sh uses npx -y to fetch and execute @mermaid-js/mermaid-cli and beautiful-mermaid from the npm registry at runtime.
      • Evidence: npx -y @mermaid-js/mermaid-cli and npx -y --package beautiful-mermaid in tools/validate.sh.
      • Risk: Because no specific versions are pinned and no lockfile is used, the skill is exposed to supply chain attacks in which a compromised package update executes malicious code on the host system.
  • [REMOTE_CODE_EXECUTION] (HIGH): The use of npx to run unverified remote packages constitutes a remote code execution vector.
  • [DYNAMIC_EXECUTION] (MEDIUM): The script executes a Node.js one-liner that performs a dynamic require() based on a path derived from the PATH environment variable.
      • Evidence: require(path.join(moduleRoot, "beautiful-mermaid")) where moduleRoot is derived from process.env.PATH.split(":")[0].
      • Risk: This is a non-standard loading mechanism. If an attacker can influence the PATH variable, they may be able to redirect the require call to load a malicious local module.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted input files (diagram.mmd) using the Mermaid CLI, which uses a headless browser (Puppeteer).
      • Ingestion Point: INPUT variable in tools/validate.sh (reading diagram.mmd).
      • Boundary Markers: None. The script passes the file content directly to the CLI.
      • Capability Inventory: Command execution (npx), file system writes (mktemp, -o "$OUTPUT").
      • Sanitization: None. The content of the .mmd file is parsed as-is.
      • Risk: Malicious Mermaid diagrams can sometimes exploit the underlying browser rendering engine or the CLI parser to perform unauthorized actions or read local files within the browser context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:47 AM