external-diagram-mermaid-generate
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/query-org-metadata.py` uses `subprocess.run` to invoke the Salesforce CLI (`sf`). This is used to retrieve record counts and org-wide sharing settings to provide accurate grounding for the generated data model diagrams.
- [COMMAND_EXECUTION]: The script `scripts/mermaid_preview.py` utilizes `subprocess.Popen` to manage its own execution in a detached background process (daemon mode) for the live-reload server. This is a standard implementation for lightweight developer tooling.
- [EXTERNAL_DOWNLOADS]: The `mermaid_preview.py` server serves an HTML template that fetches the Mermaid JavaScript library from `https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js`. Loading dependencies from well-known CDNs is a common practice for web-based rendering components.
- [SAFE]: The skill uses a standard 'forcedotcom' pattern for interacting with Salesforce orgs via the official CLI. It does not handle or store raw credentials, instead relying on the authenticated sessions managed by the Salesforce CLI environment.
- [SAFE]: Instructions in `SKILL.md` are focused on diagram generation and follow best practices for Salesforce architecture documentation without attempting to bypass safety filters or override agent constraints.
Audit Metadata