The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Fetches external tools and images during execution.
Downloads the @mermaid-js/mermaid-cli package from the NPM registry.
Pulls and runs the minlag/mermaid-cli image from Docker Hub, which is a third-party community image not associated with a verified or trusted organization.
[REMOTE_CODE_EXECUTION]: Executes code from external sources.
Runs arbitrary code contained within the minlag/mermaid-cli Docker container on the local host.
[COMMAND_EXECUTION]: Executes several local commands and scripts.
Runs repository-specific scripts: scripts/setup-tmp.sh and scripts/website-lint.sh.
Initiates a local web server using python -m http.server 3000 for verification, which could potentially expose local files if the working directory contains sensitive data.
[PROMPT_INJECTION]: Vulnerable to indirect prompt injection via the processed diagram file.
Ingestion points: Processes content from docs/agents.md by extracting Mermaid code blocks.
Boundary markers: Uses sed to isolate content between mermaid code fence markers, providing a basic structural boundary.
Capability inventory: Possesses capabilities to execute shell scripts, write to the file system (website/ai-workflow.svg), and run a local network server.
Sanitization: No validation or sanitization of the extracted Mermaid DSL is performed before it is passed to the rendering engine, potentially allowing for specialized injection attacks targeting the renderer or subsequent SVG processing.

update-workflow-diagram