convert-mermaid

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/convert.py to execute npx @mermaid-js/mermaid-cli. Performing the diagram conversion this way is the skill's intended primary purpose, and it is implemented with proper argument handling via the argparse module.
  • [EXTERNAL_DOWNLOADS]: The conversion engine utilizes npx -y @mermaid-js/mermaid-cli to execute the Mermaid command-line interface. This downloads the official Mermaid utility from the public npm registry if it is not already present, which is standard behavior for this well-known development tool.
  • [DATA_EXFILTRATION]: There is no evidence of sensitive data access or network transmission to untrusted domains. The script only reads user-provided Mermaid files and writes PNG output locally.
  • [PROMPT_INJECTION]: The skill instructions do not contain any attempts to override system safety guidelines or extract internal prompts. It actually includes safety constraints ('Negative Instruction Constraints') to prevent the AI from corrupting its own context window with binary data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:09 PM