mermaid-live-preview
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a Python script to encode Mermaid diagram code into a URL-safe format for mermaid.live. The implementation uses standard Python libraries (zlib, base64, json) and does not exhibit any malicious patterns.
- [DATA_EXPOSURE]: The skill processes user-provided Mermaid code to generate URLs for an external service (mermaid.live). This is the primary intended purpose of the skill and does not involve accessing sensitive local files or hardcoding credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests Mermaid diagram code (untrusted data) from the user or files. While it lacks explicit boundary markers or sanitization, its capabilities are strictly limited to string manipulation and printing URLs, providing no significant attack surface for code execution or privilege escalation.
- [COMMAND_EXECUTION]: The documentation describes running the provided Python script via the command line. This is standard usage for a CLI-based skill and does not involve executing arbitrary or unsanitized shell commands.