skills/ooiyeefei/ccc/excalidraw/Gen Agent Trust Hub

excalidraw

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The export procedure described in references/export.md instructs the agent to use browser_run_code to perform a dynamic ESM import (import('https://esm.sh/@excalidraw/utils@0.1.2')). This fetches and executes JavaScript from an external, unvetted CDN at runtime within the agent's browser environment.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to execute multiple shell commands to facilitate diagram exports, including starting a background local network listener (python3 -m http.server 8765 &) and using shell pipes (echo ... | base64 -d > <filename>.png) to process and write image data. Background processes can lead to resource exhaustion or unauthorized local network access.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on external assets from esm.sh. Since this source is not on the trusted list, the runtime download of executable code is flagged as a risk.
  • [DATA_EXFILTRATION] (LOW): The skill's primary function is to analyze the local codebase (via Glob, Grep, and Read). The resulting architectural data is then passed into a browser context where external scripts are being executed, creating a potential (though indirect) path for sensitive structural data to be exfiltrated.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest untrusted data from any codebase it analyzes to identify components.
      • Ingestion points: SKILL.md (Step 1: Analyze Codebase) uses Glob and Read tools on the user's project files.
      • Boundary markers: Absent. No instructions are provided to the agent to ignore embedded instructions within the analyzed codebase.
      • Capability inventory: The skill has access to file writing, shell command execution, and browser automation.
      • Sanitization: Absent. Data from the codebase is directly interpolated into the JSON structure and subsequently processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:52 PM