The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes several local commands including the draw.io CLI for rendering diagrams, python3 for running utility scripts, and git for update management and version checking. It also uses standard system utilities like mkdir, rm, mv, and platform-specific commands to open the desktop application (open, xdg-open, start).- [EXTERNAL_DOWNLOADS]: It communicates with the vendor's GitHub repository to check for available updates and offers to perform a git pull if a newer version is found, which requires user consent. It also provides installation instructions pointing to official GitHub releases and Homebrew for the required draw.io desktop application.- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it extracts labels and styling from user-provided .drawio files and images to create new diagrams.
Ingestion points: The style extraction process in references/style-presets.md and references/style-extraction.md reads content from external XML files and images.
Boundary markers: There are no specific delimiters used for the ingested label text in the generated XML, but the skill emphasizes XML entity escaping.
Capability inventory: The skill can execute shell commands, write files locally, and initiate network version checks.
Sanitization: The instructions explicitly direct the agent to escape XML special characters and provide an approval loop where the user reviews a sample diagram before any extracted style is saved.

drawio-skill