create-workflow-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to function correctly, including 'npm install' for dependencies, 'npx playwright install chromium' for the browser setup, and 'node screenshot-diagram.js' to capture the final diagram. This is expected behavior for the tool's primary purpose of exporting images.
- [EXTERNAL_DOWNLOADS]: The skill installs the 'playwright' library from the official NPM registry and downloads a Chromium browser instance. Playwright is a well-known and established browser automation framework maintained by Microsoft.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and path traversal as it processes untrusted user input to generate file paths and HTML content.
  - Ingestion points: User-provided workflow descriptions and diagram names are captured in 'SKILL.md' (Step 1.1).
  - Boundary markers: Absent. There are no instructions for the agent to ignore or delimit potentially malicious instructions within the workflow description.
  - Capability inventory: The skill can create directories, write HTML files ('diagram.html'), and execute shell commands ('node screenshot-diagram.js').
  - Sanitization: Absent. There is no explicit requirement to sanitize user-provided diagram names or workflow labels, which could lead to path traversal or script injection in the generated HTML.