The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses bundled Python scripts (add-arrow.py, add-icon-to-diagram.py, split-excalidraw-library.py) to programmatically modify .excalidraw diagram files and manage icon assets. These scripts use standard Python libraries for file I/O and coordinate calculations.
[EXTERNAL_DOWNLOADS]: Skill documentation references https://libraries.excalidraw.com/ as a source for users to download additional icon libraries. This is a well-known service within the Excalidraw community.
[PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes natural language descriptions and external JSON library files to generate structured diagram data.
Ingestion points: Natural language requests from users and external .excalidrawlib library files processed by the splitter script.
Boundary markers: No explicit delimiters or boundary markers are defined to separate user-provided content from internal agent instructions.
Capability inventory: The skill possesses file read/write capabilities through bundled Python scripts but lacks network access or high-privilege system execution.
Sanitization: Although the library splitter sanitizes filenames, the add-icon-to-diagram.py script does not validate the icon_name parameter against path traversal, which could potentially allow reading of other .json files if the parameter is manipulated by a subverted agent.

excalidraw-diagram-generator