mermaid
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's verification recipe utilizes
npxto download and run the@mermaid-js/mermaid-clipackage. This is a well-known and trusted tool provided by the official Mermaid project and is used here for its intended purpose of validating diagram syntax. - [COMMAND_EXECUTION]: The SKILL.md provides a bash-based verification recipe that uses standard shell utilities like
awkand the Mermaid CLI. These commands are used to process and validate generated diagram code blocks. - [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection as it ingests user-provided descriptions to generate code that is subsequently processed by a verification script.
- Ingestion points: User-supplied diagram descriptions provided during conversation.
- Boundary markers: The generated Mermaid code is correctly encapsulated within ```mermaid fenced blocks to separate it from other text.
- Capability inventory: The skill instructs the agent to execute shell commands to verify the generated diagrams (SKILL.md).
- Sanitization: The skill relies on the strict syntax parsing of the Mermaid CLI and does not implement additional sanitization for user-provided data.
Audit Metadata