sf-diagram-mermaid
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides Python utility scripts (`mermaid_preview.py` and `query-org-metadata.py`) that use the `subprocess` module to execute system commands. These scripts are intended to interface with the Salesforce CLI (`sf`) to retrieve organizational metadata (such as record counts and sharing models) and to manage the lifecycle of a local HTTP server used for previewing diagrams. The command execution is well-contained, avoids `shell=True` where possible, and aligns with the professional purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The preview server functionality serves an HTML template that fetches the Mermaid.js rendering engine from the well-known jsDelivr CDN (`cdn.jsdelivr.net`). This is a standard and safe practice for including web libraries in local development tools.
Audit Metadata