The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes a Node.js utility script, render-graphs.js, which executes the external system commands dot and which using execSync. The script extracts content from markdown code blocks and pipes it directly into the dot command's standard input to generate SVG diagrams.
[PROMPT_INJECTION]: The skill teaches and utilizes 'Persuasion Principles' (Authority, Commitment, Scarcity) specifically derived from research on persuading LLMs to comply with requests. It uses strong behavioral override markers such as 'IMPORTANT: This is a real scenario', 'YOU MUST', and 'No exceptions'. It explicitly instructs agents to adopt a 'Bulletproofing' posture that forbids rationalization and ignores the 'spirit vs letter' distinction to force compliance with documented processes.
[EXTERNAL_DOWNLOADS]: The documentation references several external dependencies for installation via standard package managers, including Python packages pdfplumber, pypdf, and pytesseract, as well as Node.js libraries like docx-js and the graphviz system binary.
[INDIRECT_PROMPT_INJECTION]: The skill defines a vulnerability surface through its testing and rendering workflows. The render-graphs.js script ingests untrusted data from external SKILL.md files and processes it via shell commands without sanitization. While intended for local developer use, this pattern creates a risk where malicious content in a processed file could attempt to exploit the rendering environment.

writing-skills