The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The file references/flow-template.html includes a reference to the Mermaid.js library via the jsDelivr CDN (https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js). This is a well-known service used for the legitimate purpose of rendering diagrams, which is consistent with the skill's primary function.
[PROMPT_INJECTION]: The skill processes untrusted user data, such as oral requirements, sketches, and HTML prototypes, which creates a potential surface for indirect prompt injection. * Ingestion points: User-provided requirements and HTML files (as described in SKILL.md). * Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are provided for user-supplied data. * Capability inventory: The skill instructs the agent to save PlantUML images to the local directory, implying file system write access. * Sanitization: There is no mention of input validation or sanitization of user-provided content.

2red-product-monster-prd