mermaid-tools
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled shell script
extract-and-generate.shwhich coordinates the extraction process by invoking a Python script and themmdc(Mermaid CLI) binary. - [COMMAND_EXECUTION]: The skill uses system utilities including
mkdir,python3,stat,file, and ImageMagick'sidentifyfor file management and output validation. - [EXTERNAL_DOWNLOADS]: Setup instructions guide the user to install well-known software including Node.js,
@mermaid-js/mermaid-cli, and Google Chrome from official repositories to satisfy dependencies. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted user-provided Markdown files to extract and render diagrams.
- Ingestion points: The
extract-and-generate.shscript andextract_diagrams.pyread and process input Markdown files. - Boundary markers: None; diagrams are extracted based on standard Markdown triple-backtick markers.
- Capability inventory: The skill can execute shell commands, run Python scripts, and invoke a headless browser via
mmdcto process content. - Sanitization: There is no sanitization of the Mermaid code content before it is passed to the rendering engine.
- [SAFE]: The Puppeteer configuration includes the
--no-sandboxflag, which is a common requirement for running headless Chrome in restricted environments like WSL2 or CI/CD pipelines. While this reduces process isolation, it is consistent with the skill's intended use case and the requirements of the underlying tools.
Audit Metadata