The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (SAFE): Documentation includes instructions for installing official packages (@mermaid-js/mermaid-cli, mermaid) via npm and using reputable CDNs (jsdelivr.net) for script inclusion.
[COMMAND_EXECUTION] (SAFE): CLI rendering commands using mmdc are documented for legitimate diagram generation purposes.
[PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. The skill processes text-based diagram definitions which could contain hidden instructions if sourced from untrusted data. Evidence: (1) Ingestion points: diagram-content in SKILL.md and reference files. (2) Boundary markers: Not explicitly defined in instructions. (3) Capability inventory: mmdc CLI subprocess execution and JavaScript API rendering. (4) Sanitization: The skill documentation correctly identifies and recommends using securityLevel: strict and Mermaid's built-in DOMPurify integration to mitigate XSS and injection risks.

mermaidjs-v11