The Agent Skills Directory

[DATA_EXFILTRATION]: The tool 'markmap_render_file' accepts a 'file_path' parameter, enabling the agent to read arbitrary local files. This provides a mechanism for exposing sensitive information such as configuration files, credentials, or private keys if the agent is directed to process them.
[COMMAND_EXECUTION]: The skill executes a local Node.js script using the 'node $MARKMAP_MCP_SCRIPT' pattern. Additionally, the 'markmap_render_file' tool permits writing SVG output to an arbitrary 'output_path', which could be abused to overwrite critical system or application files.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external markdown and outline data. Ingestion points: 'markdown_content', 'outline_items', and local files via 'file_path' (SKILL.md). Boundary markers: None identified. Capability inventory: Node.js script execution, arbitrary file reading, and file writing (SKILL.md). Sanitization: No evidence of input validation or sanitization for the processed content.

markmap-viz