The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructions provide guidance on cloning a repository from the author's GitHub account (https://github.com/yctimlin/mcp_excalidraw) to set up the necessary backend server. As this is a vendor-owned resource, it is a standard deployment procedure for the skill.- [COMMAND_EXECUTION]: The skill includes several Node.js utility scripts (e.g., scripts/clear-canvas.cjs, scripts/create-element.cjs) that are intended to be executed locally. these scripts perform standard operations such as making HTTP requests to a local API and writing exported elements to a specified file path.- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection through its ingestion of diagram data and Mermaid syntax.
Ingestion points: Elements are read from the server via the describe_scene tool and from local files via import-elements.cjs.
Boundary markers: No specific boundary markers or safety instructions are present to encapsulate external data.
Capability inventory: The skill can perform network requests and local file system writes.
Sanitization: No explicit sanitization of canvas elements or Mermaid syntax is performed before the data is processed by the agent.

excalidraw-skill