multi-chart-draw
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill relies on executing external binaries (mmdc for Mermaid and markmap for mindmaps) via the Python subprocess.run module. While the implementation uses argument lists to avoid shell injection in the script itself, it processes untrusted content generated from user prompts or external files through these third-party tools.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection because it bridges external content with execution capabilities.
  - Ingestion points: Data enters the system when the agent reads external files (such as project documentation or READMEs) to generate diagrams based on their content.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when the agent is instructed to process external data for chart generation.
  - Capability inventory: The skill possesses the ability to write files to the local filesystem and execute subprocesses (scripts/render_mermaid.py, scripts/render_mindmap.py).
  - Sanitization: There is no evidence of sanitization of the generated chart configurations (Mermaid code, Markdown, or ECharts JSON) before they are passed to the CLI tools. An attacker could embed instructions in a project file that, when summarized into a chart, influence the agent's logic or exploit vulnerabilities in the rendering binaries.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the manual installation of global NPM packages (@mermaid-js/mermaid-cli, markmap-cli) and Python dependencies. This introduces a supply chain risk, as these external tools are required for the skill's primary functionality and are executed with the same privileges as the agent.
Recommendations
- AI detected serious security threats
Audit Metadata