Skills
skills/iofficeai/aionui/mermaid/Gen Agent Trust Hub

mermaid

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/render.ts automatically downloads the beautiful-mermaid package from the npm registry using npm install if the package is not found.
  • [COMMAND_EXECUTION]: The script uses execSync to run shell commands for installing dependencies at runtime.
  • [REMOTE_CODE_EXECUTION]: The skill uses dynamic import() to load the newly installed beautiful-mermaid library, which executes code from an external source that is not pinned or verified within the skill's source.
  • [PROMPT_INJECTION]: The skill processes untrusted Mermaid diagram code from stdin or local files without using boundary markers or sanitization, which can be exploited via indirect prompt injection to influence agent behavior through the rendering process.
  • Ingestion points: The readStdin() and readFileSync(filePath) functions in scripts/render.ts ingest untrusted diagram definitions.
  • Boundary markers: No delimiters or safety instructions are used to isolate the diagram code from the execution context.
  • Capability inventory: The script has the ability to execute shell commands (execSync) and write files to the local disk (writeFileSync).
  • Sanitization: There is no evidence of validation or sanitization of the Mermaid code before it is passed to the rendering engine.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 20, 2026, 12:18 AM
Security Audit — agent-trust-hub — mermaid