beautiful-mermaid-editor

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it instructs the agent to read and process untrusted data from a user-specified repository path.
  • Ingestion points: The skill uses $ARGUMENTS to define the repository path and utilizes tools like Read, Glob, and Grep to ingest content from the target repo's files (e.g., AGENTS.md, package.json, editor.ts).
  • Boundary markers: No specific boundary markers or 'ignore' instructions are provided to the agent for the content it reads from the repository.
  • Capability inventory: The skill possesses significant capabilities, including Bash (shell execution) and Edit/Write (file modification).
  • Sanitization: No sanitization or validation logic is defined for the ingested data before it influences agent decisions.
  • [COMMAND_EXECUTION]: The skill references local project commands such as bun run editor and bun run dev for building and testing. These are standard developer workflows for the intended environment and do not constitute malicious command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:18 AM
Security Audit — agent-trust-hub — beautiful-mermaid-editor