generating-mermaid-diagrams

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/query-org-metadata.py utility executes the Salesforce CLI (sf) to retrieve object counts and metadata for grounding diagrams. The script uses safe argument passing (list-based) to prevent shell injection.
  • [COMMAND_EXECUTION]: The scripts/mermaid_preview.py script launches itself as a background process to serve as a local HTTP server for diagram previews. This is a standard management pattern for local development tools.
  • [EXTERNAL_DOWNLOADS]: The Mermaid preview server template references the Mermaid.js library from cdn.jsdelivr.net. This is a well-known public CDN used to load the rendering engine required for browser-based diagram visualization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 02:47 PM
Security Audit — agent-trust-hub — generating-mermaid-diagrams