project-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include executing shell commands with interpolated variables, such as 'python3 /skills/mermaid-live-preview/scripts/encode.py "<mermaid代码>"'. If the Mermaid code generated from the project codebase contains shell-active characters (like backticks or command substitution), it could lead to command injection depending on the agent's shell escaping behavior.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes arbitrary project files and existing documentation to generate reports. Evidence chain:
  1. Ingestion points: docs/*.md and project source code (SKILL.md, references/mode-architecture.md).
  2. Boundary markers: none present to separate untrusted content.
  3. Capability inventory: file-write (Write tool) and shell command execution.
  4. Sanitization: no evidence of escaping or validation of project content before processing.
- [DATA_EXFILTRATION]: The skill encourages the use of an external script to generate online preview links for Mermaid diagrams. This involves sending project architectural data and module logic to an external online service, which may be a concern for private or sensitive codebases.
Audit Metadata