visual-explainer

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches essential visualization libraries (Mermaid, Chart.js, anime.js) and fonts from well-known and trusted services including jsDelivr and Google Fonts. These are standard dependencies for zero-build frontend projects and do not involve untrusted or suspicious sources.
  • [COMMAND_EXECUTION]: The skill uses the open (macOS) and xdg-open (Linux) commands to launch generated HTML explainers in the browser. This is the intended primary delivery mechanism for the skill's functionality and does not involve privileged or dangerous system modifications.
  • [PROMPT_INJECTION]: The skill processes untrusted data (user queries, repository code, and git history) to populate its diagrams, representing an indirect prompt injection surface.
      • Ingestion points: Data enters through $ARGUMENTS in the diagram generation prompts and via git command outputs in the diff-review, fact-check, and project-recap prompts.
      • Boundary markers: The templates use semantic HTML sections, but there are no specific instructions to escape or sanitize user-supplied strings within the HTML structure.
      • Capability inventory: The agent has the ability to write files to the ~/.agent/diagrams/ directory and execute the browser opening command.
      • Sanitization: Explicit sanitization of user-provided content is absent from the prompt instructions, which is a known architectural surface for potential Cross-Site Scripting (XSS) if the processed codebase or user input contains malicious script tags. This is documented here as a best-practice observation rather than a malicious detection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 01:24 AM
Security Audit — agent-trust-hub — visual-explainer