The Agent Skills Directory

[COMMAND_EXECUTION]: The CAPABILITY.md file contains instructions that interpolate user-provided data directly into shell commands (e.g., echo '${JSON.stringify(data)}' > /tmp/chart-data.json). If the data contains shell-breaking characters that the agent fails to escape, it could lead to arbitrary command execution.\n- [COMMAND_EXECUTION]: The chart.mjs script allows callers to specify arbitrary output paths via the --output flag, and read arbitrary files via the --spec flag. These could be used to overwrite sensitive system files or read non-public JSON files if the agent does not restrict access.\n- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes untrusted data (chart labels, titles, and event markers) which are then interpolated into the final visualization and potentially into command-line arguments.\n
Ingestion points: data, title, and annotations arguments in the lineChart, barChart, and areaChart methods.\n
Boundary markers: Absent.\n
Capability inventory: The skill executes the scripts/chart.mjs script via node subprocess calls to generate images.\n
Sanitization: While JSON.stringify is used in templates, there is no explicit shell escaping or validation of user-provided strings before they are used in CLI commands.

chart-image