beautiful-mermaid-editor
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it instructs the agent to read and process untrusted data from a user-specified repository path.
- Ingestion points: The skill uses
$ARGUMENTSto define the repository path and utilizes tools likeRead,Glob, andGrepto ingest content from the target repo's files (e.g.,AGENTS.md,package.json,editor.ts). - Boundary markers: No specific boundary markers or 'ignore' instructions are provided to the agent for the content it reads from the repository.
- Capability inventory: The skill possesses significant capabilities, including
Bash(shell execution) andEdit/Write(file modification). - Sanitization: No sanitization or validation logic is defined for the ingested data before it influences agent decisions.
- [COMMAND_EXECUTION]: The skill references local project commands such as
bun run editorandbun run devfor building and testing. These are standard developer workflows for the intended environment and do not constitute malicious command execution.
Audit Metadata