visualize

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the shell command date +%y%m%d-%H%M to generate timestamps for source-less context visualizations. Additionally, the verification workflow in references/verification.md recommends using browser or Playwright tooling to capture screenshots of the generated output, which involves executing code in a browser environment.
  • [EXTERNAL_DOWNLOADS]: The HTML templates in the references/templates/ directory include script tags that load the Mermaid.js library from https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs. This is a well-known and reputable service for hosting web assets.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted source material and interpolates it into HTML templates. This creates a Cross-Site Scripting (XSS) surface if the source material contains malicious scripts.
      • Ingestion points: Processes arbitrary markdown, documentation, and plan files as specified in the workflow and references/router.md.
      • Boundary markers: There are no instructions to sanitize, escape, or use boundary markers for source content interpolated into the HTML templates.
      • Capability inventory: The skill is designed to write HTML files and assets to the local file system, as outlined in the Output Conventions.
      • Sanitization: The instructions lack any requirement for validating or stripping potentially harmful HTML/JS from the analyzed source documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 05:13 PM