Skills
skills/camacho/ai-skills/visualize/Gen Agent Trust Hub

visualize

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/render-mermaid.ts invokes the Mermaid CLI (mmdc) using execFileSync. This is the primary method for rendering visual content.\n- [EXTERNAL_DOWNLOADS]: The script utilizes npx to execute the @mermaid-js/mermaid-cli package, which involves downloading it from the NPM registry if it is not already available.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of arbitrary conversation context and file content.\n
  • Ingestion points: Content is sourced from conversation history and user-specified files in SKILL.md and scripts/render-mermaid.ts.\n
  • Boundary markers: No delimiters or instructions are used to prevent the agent from acting on malicious instructions contained within the processed data.\n
  • Capability inventory: The skill allows reading local files and executing commands through a subprocess.\n
  • Sanitization: There is no input validation or sanitization of the content before it is passed to the renderer.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 03:34 PM