The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses local command execution for its operational workflow. The scripts/setup.sh script verifies and potentially installs system packages like resvg via Homebrew. The scripts/export.py script executes subprocesses using subprocess.run to call Google Chrome, resvg, and rsvg-convert for image processing.
[EXTERNAL_DOWNLOADS]: The skill connects to https://kroki.io, an established third-party rendering service, to transform structured diagram data into SVG format. This network dependency is a core part of the skill's design and is documented as a requirement for internet access.
[PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection due to the complexity of the data pipeline. User input is used to generate JSON data, which is then rendered remotely and processed locally in a high-privilege environment (Chrome headless).
Ingestion points: Natural language input is converted into .excalidraw JSON files (defined in SKILL.md Step 2).
Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat generated diagram content as untrusted or to sanitize it for the rendering phase.
Capability inventory: The skill possesses capabilities for network communication via urllib.request and system command execution via subprocess.run, including the ability to open local files in a browser.
Sanitization: The skill does not perform sanitization or validation of the SVG data received from the external service before passing it to the Chrome headless renderer.

excalidraw-export