place-to-contour-animator

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python wrapper script (scripts/place_to_line2d.py) which in turn invokes a TypeScript exporter script. Evaluation of the subprocess.run implementation in the Python script confirms it uses a list of arguments with shell=False (default), which safely handles user-supplied strings and prevents shell injection attacks.
  • [DATA_EXPOSURE]: The skill documentation and scripts contain hardcoded absolute file paths within a user's directory (/Users/zhangluyi/...). This reveals information about the local file system layout but does not expose credentials or private information.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of place names which are passed to command-line tools. The risk of indirect prompt injection is mitigated by input normalization and safe execution patterns. Evidence chain:
      1. Ingestion points: place argument in scripts/place_to_line2d.py.
      2. Boundary markers: Absent.
      3. Capability inventory: subprocess.run execution in scripts/place_to_line2d.py.
      4. Sanitization: The script uses normalize_place and slugify functions to clean input before use in file paths and command arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 08:57 AM