Excalidraw Flowchart

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill requires the installation of a global npm package @swiftlysingh/excalidraw-cli and frequently uses npx to execute it. This package is hosted in an individual's namespace and is not part of the trusted organizations list, posing a supply chain risk.
  • REMOTE_CODE_EXECUTION (HIGH): The use of npx @swiftlysingh/excalidraw-cli allows the execution of remote code every time the skill is triggered. If the package or the author's account were compromised, it would lead to direct command execution on the user's machine.
  • COMMAND_EXECUTION (MEDIUM): The skill constructs shell commands by interpolating DSL (Domain Specific Language) strings directly into npx calls. While the DSL is generated by the AI, it provides a vector for command injection if the AI is coerced into generating shell-sensitive characters in the --inline argument.
  • DYNAMIC_EXECUTION (MEDIUM): The export-png.js script dynamically generates a local HTML file (render.html) and executes it using Puppeteer with the --no-sandbox flag enabled. This pattern is often used to bypass browser security controls.
  • INDIRECT_PROMPT_INJECTION (MEDIUM): The export-png.js script is vulnerable to XSS. It takes data from the .excalidraw file (which contains user-provided text labels) and injects it into a <script> tag in render.html using JSON.stringify(). JSON.stringify() does not escape the </script> sequence, so a label containing </script><script>...</script> would close the script element early, break out of the JSON context, and execute arbitrary JavaScript in the Puppeteer browser instance, which has file:// access to the local system.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 03:56 PM