markmap-analogy-mindmap

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/validate_and_render.py executes shell commands via subprocess.run to render mind maps. It checks for the availability of markmap, npx, or a local node installation. These calls use list-based arguments without shell=True, which is a secure implementation that prevents command injection.
  • [EXTERNAL_DOWNLOADS]: The rendering process may invoke npx --yes markmap-cli, which downloads the necessary rendering tool from the official NPM registry. This is a standard operation for Node.js-based tools and targets a well-known, trusted service. The script further attempts to mitigate unnecessary network activity by using the --offline flag and disabling browser downloads for its rendering engine.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 08:05 AM