The Agent Skills Directory

[Privilege Escalation] (MEDIUM): The puppeteer-config.json file disables the Chrome sandbox (--no-sandbox), which is a critical security feature. This configuration choice increases the risk of exploitation if the Mermaid renderer processes malicious input. Additionally, reference documentation provides sudo instructions for system setup.\n- [External Downloads] (LOW): Documentation includes instructions to download and install Chrome using wget and apt. While these target trusted sources (google.com), they involve high-privilege operations.\n- [Command Execution] (LOW): The skill orchestrates diagram processing through shell and Python scripts, invoking the Mermaid CLI and headless Chrome.\n- [Indirect Prompt Injection] (LOW): The skill ingests untrusted markdown files.\n
Ingestion points: scripts/extract_diagrams.py reads the markdown file provided as an input argument.\n
Boundary markers: None; the script identifies Mermaid diagrams using standard markdown delimiters.\n
Capability inventory: The skill can write to the filesystem and execute the Mermaid CLI rendering engine.\n
Sanitization: Mermaid code content is extracted and processed without sanitization.

mermaid-tools