external-diagram-mermaid-generate

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: scripts/query-org-metadata.py calls subprocess.run to invoke the Salesforce CLI (sf). It retrieves record counts and org-wide sharing settings so that the generated data model diagrams are grounded in the real org rather than guessed. The binary being executed is a known local tool; the property a reviewer should confirm is that the CLI arguments are passed as an argument list rather than interpolated into a shell string.
  • [COMMAND_EXECUTION]: scripts/mermaid_preview.py uses subprocess.Popen to re-launch itself as a detached background process (daemon mode) for its live-reload preview server. Self-daemonization of this kind is a standard pattern in lightweight developer tooling.
  • [EXTERNAL_DOWNLOADS]: The HTML template served by mermaid_preview.py fetches the Mermaid JavaScript library from https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js at page load. Loading rendering libraries from a well-known CDN is common practice for web-based rendering components; note that the URL pins only the major version (@10), so the file actually served is whichever 10.x release jsDelivr resolves at load time.
  • [SAFE]: The skill follows the standard forcedotcom pattern of interacting with Salesforce orgs through the official CLI. It does not handle or store raw credentials; it relies on the authenticated sessions that the Salesforce CLI environment already manages.
  • [SAFE]: The instructions in SKILL.md are confined to diagram generation and follow Salesforce architecture-documentation best practices. They do not attempt to bypass safety filters or override agent constraints.
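As an added illustration (not part of this audit and not code from the audited skill), the following Python script reproduces the two flagged categories as static checks over constructed inputs. It walks a module's AST for subprocess.* calls and records whether the command is a literal argument list and whether shell=True is set, and it scans an HTML template for script tags that load absolute URLs, noting the host, whether the npm version is fully pinned, and whether an integrity (SRI) attribute is present. The sample sources, the sample template, and the verdict labels (NONE, SAFE, REVIEW) are assumptions of this example; only the jsDelivr URL comes from the audit.

```python
"""Static triage for the COMMAND_EXECUTION and EXTERNAL_DOWNLOADS categories.

Added example; not the Agent Trust Hub's checker and not the audited skill's code.
"""
import ast
import re
from urllib.parse import urlparse

# Constructed sample: a subprocess call in the argument-list style the audit
# describes. This is NOT the real scripts/query-org-metadata.py.
SAFE_SOURCE = '''
import json, subprocess

def org_limits(alias):
    proc = subprocess.run(["sf", "org", "list", "limits", "--target-org", alias, "--json"],
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)
'''

# Constructed contrast: the same call built as a shell string from user input.
UNSAFE_SOURCE = '''
import subprocess

def org_limits(alias):
    return subprocess.run("sf org list limits --target-org " + alias, shell=True)
'''

# Constructed HTML resembling a preview template; the CDN URL is the one in the audit.
SAMPLE_HTML = '''<html><head>
<script src="https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js"></script>
<script src="/static/preview.js"></script>
</head><body><pre class="mermaid">graph TD; A-->B</pre></body></html>'''


def subprocess_calls(source):
    """Locate subprocess.<fn>(...) calls; record shell=True and literal-list usage."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id == "subprocess"):
            continue
        shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords)
        literal_list = bool(node.args) and isinstance(node.args[0], ast.List)
        findings.append({"line": node.lineno, "func": f.attr,
                         "shell": shell, "literal_list": literal_list})
    return findings


def command_execution_verdict(source):
    """Hypothetical verdict: any subprocess use is flagged; shell=True or a
    non-list command needs manual review, otherwise treat as SAFE."""
    calls = subprocess_calls(source)
    if not calls:
        return "NONE"
    if any(c["shell"] or not c["literal_list"] for c in calls):
        return "REVIEW"
    return "SAFE"


SCRIPT_RE = re.compile(r"<script\b([^>]*)>", re.I)
ATTR_RE = re.compile(r'(\w+)\s*=\s*["\']([^"\']*)["\']')
# npm-style version suffix in a CDN path: @10, @10.9 or @10.9.1 before a slash.
SEMVER_RE = re.compile(r"@(\d+)(?:\.(\d+))?(?:\.(\d+))?(?=/|$)")


def external_scripts(html):
    """List script tags with an absolute http(s) src: host, whether the version
    is fully pinned (x.y.z), and whether an integrity (SRI) attribute is set."""
    out = []
    for m in SCRIPT_RE.finditer(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(m.group(1))}
        u = urlparse(attrs.get("src", ""))
        if u.scheme not in ("http", "https"):
            continue
        ver = SEMVER_RE.search(u.path)
        out.append({"host": u.netloc, "path": u.path,
                    "fully_pinned": bool(ver and ver.group(3)),
                    "sri": "integrity" in attrs})
    return out


def audit_report(source, html):
    """Combine both checks into one dict keyed by audit category."""
    return {"COMMAND_EXECUTION": command_execution_verdict(source),
            "EXTERNAL_DOWNLOADS": external_scripts(html)}


if __name__ == "__main__":
    for label, src in (("safe sample", SAFE_SOURCE), ("unsafe sample", UNSAFE_SOURCE)):
        print(label, audit_report(src, SAMPLE_HTML))
```

The EXTERNAL_DOWNLOADS check deliberately reports the two facts separately: a floating major-version pin such as mermaid@10 and a Subresource Integrity hash are in tension, because SRI pins one exact byte stream and breaks as soon as the CDN resolves the tag to a newer 10.x release, so projects that want SRI usually pin x.y.z as well.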
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 01:15 PM
Security Audit — agent-trust-hub — external-diagram-mermaid-generate