multi-chart-draw

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts render_mermaid.py and render_mindmap.py execute external CLI tools (mmdc and markmap) via subprocess.run. Although arguments are passed as a list (which avoids shell interpretation of the input), this pattern still executes system-level binaries.
  • Evidence: In scripts/render_mermaid.py, the command cmd = ["mmdc", "-i", input_file, "-o", output_file] is passed to subprocess.run.
  • [DYNAMIC_EXECUTION]: The render_geogebra.py script manually constructs a JavaScript array within an HTML template from user-influenced commands without escaping them. This lack of sanitization allows potential script injection into the generated output files.
  • Evidence: In scripts/render_geogebra.py, the line commands_js = '[' + ', '.join([f'"{cmd}"' for cmd in valid_commands]) + ']' is used to build the command list for the browser.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external software packages and remote assets. It requires installing global NPM packages and loads JavaScript libraries from various CDNs at runtime.
  • Evidence: SKILL.md requires npm install -g @mermaid-js/mermaid-cli and markmap-cli. HTML templates include scripts from cdn.jsdelivr.net and geogebra.org.
  • [PROMPT_INJECTION]: The skill ingests untrusted user input to generate chart configurations. Without boundary markers or sanitization, there is a risk of indirect prompt injection where malicious instructions could be embedded in chart labels or data, potentially affecting the agent's behavior or compromising the rendered output.
  • Ingestion points: User prompts used to generate configuration files for charts (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: Subprocess execution, file system access, and script-enabled HTML generation.
  • Sanitization: Absent in the Python rendering scripts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 03:00 PM
Security Audit — agent-trust-hub — multi-chart-draw