Diagram Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's code, runtime instructions, and requested GEMINI_API_KEY reasonably match its diagram-generation purpose, with only minor inconsistencies and operational caveats to review before running.

This skill appears to do what it says: run a local Node server that calls the Gemini API to produce Mermaid/draw.io diagrams. Before installing or running it locally:

- Review server.js and the public files yourself (they are included). The server accepts any file you POST and forwards it to the Gemini API; the allowlist/blocklist in SKILL.md is guidance for an agent and is not enforced server-side, so do not post secrets or configuration files.
- Provide GEMINI_API_KEY with least privilege, and prefer a key with usage limits or quotas so that a leaked or abused key has a bounded cost.
- Run the server in an isolated environment (a local dev VM or container) rather than on a production host, and inspect the npm dependencies (package-lock.json is included).
- The frontend and app load third-party libraries (mermaid, mammoth) from CDNs. For an offline or air-gapped environment, replace these with local copies.
- The binary requirements (curl, base64) are likely needed only when an agent running on your host uses shell commands; the shipped server does not use them in normal browser usage. If you do let an agent run locally, make sure it follows the file-access policy in SKILL.md, or restrict the agent's filesystem access.

For stronger guarantees, ask that the skill enforce allowed file types server-side (rejecting uploads of .env or private configuration files) and/or run the server inside a sandbox before giving it access to any sensitive repository or credentials.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

No visible risk-analysis findings were reported for this release.