tldraw-desktop

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: [COMMAND_EXECUTION] [REMOTE_CODE_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions explicitly use curl commands to interact with a local web service on localhost:7236, enabling network-based interaction with the host system.
  • [REMOTE_CODE_EXECUTION]: The skill leverages the /api/doc/:id/exec endpoint, which is designed to execute arbitrary JavaScript code within the context of the tldraw desktop application. This provides a direct path for dynamic code execution.
  • [EXTERNAL_DOWNLOADS]: The README directs the user to install the skill via npx from a third-party GitHub repository (jsh-me/tldraw-desktop-skill), introducing external code that has not been verified.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by reading shape labels and text data from the tldraw canvas.
      ◦ Ingestion points: Untrusted data is retrieved from the canvas via GET /api/doc/:id/shapes in SKILL.md.
      ◦ Boundary markers: No delimiters or instructions to disregard embedded commands are included in the prompt instructions.
      ◦ Capability inventory: The agent can execute commands via curl, run arbitrary JavaScript through the /api/doc/:id/exec endpoint, and capture visual data using /api/doc/:id/screenshot (documented in SKILL.md).
      ◦ Sanitization: No sanitization or validation of the text content retrieved from the canvas is mentioned or implemented.
  • [METADATA_POISONING]: There is a discrepancy between the provided author context ('tmdgusya') and the repository/package owner ('jsh-me') found in the skill metadata and documentation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 18, 2026, 05:16 AM