agent-topology

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows security best practices for handling user-provided data. The scripts/generate.py utility employs html.escape() to sanitize all node names, subtitles, and titles before embedding them in the SVG/HTML output. Additionally, it implements a custom sanitize_css() function that uses regular expressions to strip potentially malicious vectors—such as <script> tags, javascript: URIs, and @import rules—from user-provided styles. These measures effectively mitigate the risk of Cross-Site Scripting (XSS). The tool has zero external dependencies and operates entirely on local files, minimizing the risk of supply-chain attacks or unauthorized data exfiltration.
  • [PROMPT_INJECTION]: While the skill processes untrusted JSON data, which creates an indirect prompt injection surface, the risk is mitigated by comprehensive sanitization.
      1. Ingestion points: topology.json input file processed by scripts/generate.py.
      2. Boundary markers: Data is treated as structured JSON with no specific behavioral instructions.
      3. Capability inventory: Limited to reading local input files and writing generated diagrams to the local filesystem.
      4. Sanitization: Robust implementation using HTML escaping and regex-based CSS filtering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 12:43 PM