The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the installation of the @swiftlysingh/excalidraw-cli package from npm and suggests cloning a GitHub repository https://github.com/swiftlysingh/excalidraw-skill. These sources are not associated with trusted or well-known organizations.\n- [REMOTE_CODE_EXECUTION]: The skill executes code from a third-party package using npx @swiftlysingh/excalidraw-cli. This involves downloading and running code from an unverified remote registry at runtime.\n- [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands to create diagram files. These commands incorporate strings generated from user descriptions into an --inline argument, which could be exploited if the CLI tool or the shell environment does not adequately sanitize the inputs.\n- [DATA_EXFILTRATION]: The skill supports DSL syntax and directives—such as ![path], @image, @decorate, @sticker, and @library—that allow the tool to reference and potentially read from the local file system. This creates an attack surface where an attacker could use indirect prompt injection to trick the agent into accessing sensitive files and including them in the flowchart output.

excalidraw-flowchart