gm-data-chart

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a shell script (scripts/export.sh) that references a local utility in the associated gm-architecture project to handle PNG and PDF exports of generated charts.
  • [EXTERNAL_DOWNLOADS]: Generated HTML outputs reference typography resources from Google Fonts (fonts.googleapis.com), a well-known service.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted natural language input to generate chart data. It effectively mitigates injection risks through multiple layers of validation.
      • Ingestion points: User-provided data descriptions and chart parameters.
      • Boundary markers: The skill uses strictly typed JSON schemas in the assets/ directory to constrain extracted data.
      • Capability inventory: Creation of HTML/SVG files and execution of a local conversion script.
      • Sanitization: Instructions mandate HTML entity escaping for all user text, and schemas enforce a sanitizedString regex pattern (^[^<>]*$) to prevent the inclusion of malicious tags in SVG foreignObject elements.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 05:20 AM
Security Audit — agent-trust-hub — gm-data-chart