skills/zrosenbauer/skills/svg-creator/Gen Agent Trust Hub

svg-creator

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/preflight.mjs script can execute local package manager commands (npm, pnpm, yarn, bun) to install the sharp library. This is a standard development workflow and requires explicit user opt-in via the --install flag.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the sharp image processing library from the official NPM registry, which is a well-known and trusted service for Node.js development.
  • [SAFE]: The scripts/convert.mjs script implements a sanitizeSvg function that uses regular expressions to strip external resource references (such as file://, http://, and https://) from SVG content before processing. This proactively mitigates common SVG-based attacks like Server-Side Request Forgery (SSRF) and local file disclosure.
  • [SAFE]: The scripts/preview-server.mjs script hosts a local-only HTTP server bound to the loopback interface (127.0.0.1). This setup allows for safe visual verification of assets without exposing services to the external network.
  • [SAFE]: The skill follows the principle of least privilege by resolving heavy native dependencies from the user's project directory (node_modules) rather than bundling them or requiring global administrative permissions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 10:43 PM