sf-diagram-mermaid

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/query-org-metadata.py script uses subprocess.run to invoke the Salesforce CLI (sf) and retrieve record counts and Org-Wide Default (OWD) sharing settings, so that generated diagrams reflect the live org. The audit records the invocation, not how the object names being queried reach the command line; with subprocess.run, the injection exposure of such a call depends on whether the arguments are passed as a list without shell=True and whether the interpolated names are validated.
  • [COMMAND_EXECUTION]: The scripts/mermaid_preview.py script manages its own lifecycle: it uses subprocess.Popen to spawn the HTTP preview server as a background daemon process and os.kill to stop that process on shutdown requests. The check a practitioner wants here is that the PID being signalled still belongs to the server that was started; a stale PID file can point at an unrelated process that inherited the number.
  • [EXTERNAL_DOWNLOADS]: The HTML template served by scripts/mermaid_preview.py loads the Mermaid.js library from the jsDelivr CDN (cdn.jsdelivr.net), a widely used content delivery network, to render diagrams in the browser. A script loaded from a CDN is a runtime supply-chain dependency; the audit does not state whether the script tag pins a Mermaid version or carries a Subresource Integrity hash, which is what would bind the page to a known bundle.
  • [PROMPT_INJECTION]: The skill ingests metadata from a Salesforce organization (via scripts/query-org-metadata.py) and interpolates it into diagram templates. Although the data source is the user's own org, object and field labels and descriptions there are written by whoever holds customization rights, and record data by any user with write access, so this is a surface where externally authored text enters the agent's context and the rendered diagram. Such text should be treated as data rather than instructions, and escaped before it is placed into Mermaid syntax.
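The following is an added example, not code from the sf-diagram-mermaid project, illustrating the two findings above that concern query-org-metadata.py: the record-count query is issued to the real `sf data query --query ... --json` command as an argv list (no shell), the object name that is interpolated into the SOQL string is validated against the Salesforce API-name format, the CLI's JSON envelope is parsed, and org metadata is escaped with Mermaid entity codes before it becomes a node label. The function names, the API-name pattern, the injectable `runner` and the sample JSON output are assumptions made for this example; the sample output is constructed, not captured from an org.

```python
"""Added example, not code from the sf-diagram-mermaid project: argv-list
invocation of the sf CLI for a record-count query, with the interpolated object
name validated, the --json envelope parsed, and org metadata escaped before it
is placed in a Mermaid node label."""
import json
import re
import subprocess

# Salesforce API names: letters, digits and underscores, optionally ending in a
# suffix such as __c. Anything else (spaces, quotes, SOQL keywords) is refused
# rather than interpolated into the query string. (Pattern is an assumption.)
_API_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,39}(__(c|mdt|e|x|b))?$")

# Mermaid entity codes applied in a single pass with str.translate, so the ';'
# that ends an emitted entity is never re-escaped. Numeric codes for < and >.
_MERMAID_ESCAPE = str.maketrans({"#": "#35;", '"': "#quot;", ";": "#59;",
                                 "<": "#60;", ">": "#62;"})

# Constructed sample of an `sf data query --json` envelope for SELECT COUNT();
# not real org data.
SAMPLE_COUNT_OUTPUT = '{"status":0,"result":{"totalSize":42,"done":true,"records":[]}}'


def is_api_name(sobject: str) -> bool:
    return _API_NAME.match(sobject) is not None


def count_query_argv(sobject: str) -> list:
    """argv for `sf data query --json`; handed to subprocess.run as a list so no
    shell ever parses it."""
    if not is_api_name(sobject):
        raise ValueError(f"refusing to query non-API-name object {sobject!r}")
    return ["sf", "data", "query", "--query",
            f"SELECT COUNT() FROM {sobject}", "--json"]


def parse_count(json_text: str) -> int:
    """Read totalSize from sf's JSON envelope; a non-zero status is an error."""
    payload = json.loads(json_text)
    if payload.get("status") != 0:
        raise RuntimeError(payload.get("message", "sf reported an error"))
    return int(payload["result"]["totalSize"])


def sample_runner(argv, **kwargs):
    """Stand-in for subprocess.run that returns the constructed sample output,
    so the parsing path can be exercised without an authenticated org."""
    return subprocess.CompletedProcess(argv, 0, SAMPLE_COUNT_OUTPUT, "")


def record_count(sobject: str, runner=subprocess.run) -> int:
    """Run the CLI (shell=False by construction) and parse its output."""
    proc = runner(count_query_argv(sobject), capture_output=True, text=True, check=False)
    return parse_count(proc.stdout)


def mermaid_label(raw: str) -> str:
    """Quote untrusted org text (labels, descriptions) as a Mermaid label.
    Non-printable characters, newlines included, are dropped so a value cannot
    start a new diagram statement; quotes, '#', ';' and angle brackets become
    entity codes."""
    printable = "".join(ch for ch in raw if ch.isprintable())
    return '"' + printable.translate(_MERMAID_ESCAPE) + '"'


def object_node(sobject: str, label: str, count: int) -> str:
    """One flowchart node: validated API name as id, escaped text as label."""
    if not is_api_name(sobject):
        raise ValueError(f"not an API name: {sobject!r}")
    return f"{sobject}[{mermaid_label(f'{label} ({count} records)')}]"


if __name__ == "__main__":
    n = record_count("Account", runner=sample_runner)
    print("flowchart LR")
    print("  " + object_node("Account", 'Account "Core"; see <notes>', n))
```

Swapping `runner=subprocess.run` in for `sample_runner` runs the real CLI against the currently authenticated org; the argv list is identical either way, which is the point of keeping the query construction and the execution separate.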
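The following is an added example, not the project's mermaid_preview.py, showing the Popen/os.kill lifecycle described in the second finding together with the check a practitioner would add: before signalling the PID read from the PID file, confirm the process still exists and (on Linux, via /proc) still runs our server, so a stale file never kills an unrelated process that inherited the number. The server command, the PID-file location, the `marker` string and the `DUMMY_CMD` stand-in (a sleeping interpreter used so the lifecycle can be exercised without opening a listener) are assumptions for this example; the audit page gives none of the real script's ports or paths. POSIX only.

```python
"""Added example, not the project's mermaid_preview.py: start a background
preview server with subprocess.Popen, record its PID, and stop it with os.kill
only after verifying the PID still belongs to the process we started."""
import os
import signal
import subprocess
import sys
import tempfile
import time
from pathlib import Path
from typing import List, Optional

# Assumed command and marker for this example; the real script's port and
# paths are not given on the audit page.
SERVER_CMD = [sys.executable, "-m", "http.server", "8000", "--bind", "127.0.0.1"]
SERVER_MARKER = "http.server"
# Stand-in process for exercising the lifecycle without opening a listener.
DUMMY_CMD = [sys.executable, "-c", "import time; time.sleep(60)"]
DUMMY_MARKER = "time.sleep"


def temp_pidfile() -> Path:
    return Path(tempfile.mkdtemp()) / "preview.pid"


def process_exists(pid: int) -> bool:
    """Signal 0 probes without delivering. PermissionError means the PID is
    alive but not ours, which for our purposes is 'not our server'."""
    try:
        os.kill(pid, 0)
    except (ProcessLookupError, PermissionError):
        return False
    return True


def _cmdline(pid: int) -> Optional[List[str]]:
    """Linux procfs view of the process's argv; None where /proc is unavailable."""
    try:
        raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    except OSError:
        return None
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]


def read_live_pid(pidfile: Path, marker: str = SERVER_MARKER) -> Optional[int]:
    """PID from the file if that process is alive and, where procfs can tell us,
    still runs `marker`. Otherwise the stale file is removed and None returned."""
    try:
        pid = int(pidfile.read_text().split()[0])
    except (OSError, ValueError, IndexError):
        return None
    if pid > 1 and process_exists(pid):
        args = _cmdline(pid)
        if args is None or any(marker in a for a in args):
            return pid
    pidfile.unlink(missing_ok=True)
    return None


def start_server(pidfile: Path, cmd: List[str] = SERVER_CMD,
                 marker: str = SERVER_MARKER) -> int:
    """Spawn the server in its own session so it outlives the caller, detach its
    stdio, and record its PID. Refuses to start a second copy."""
    if read_live_pid(pidfile, marker) is not None:
        raise RuntimeError("preview server already running")
    proc = subprocess.Popen(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL, start_new_session=True)
    pidfile.write_text(f"{proc.pid}\n")
    return proc.pid


def _reap(pid: int) -> None:
    """Collect the exit status if pid is our child; a no-op for anyone else's."""
    try:
        os.waitpid(pid, os.WNOHANG)
    except ChildProcessError:
        pass


def stop_server(pidfile: Path, marker: str = SERVER_MARKER, timeout: float = 5.0) -> bool:
    """SIGTERM the verified PID, escalate to SIGKILL after `timeout`, drop the
    file. Returns False when there was nothing live and ours to stop."""
    pid = read_live_pid(pidfile, marker)
    if pid is None:
        return False
    os.kill(pid, signal.SIGTERM)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        _reap(pid)  # otherwise a child lingers as a zombie and still "exists"
        if not process_exists(pid):
            break
        time.sleep(0.05)
    else:
        try:
            os.kill(pid, signal.SIGKILL)
        except ProcessLookupError:
            pass
        time.sleep(0.1)
        _reap(pid)
    pidfile.unlink(missing_ok=True)
    return True


if __name__ == "__main__":
    pf = temp_pidfile()
    pid = start_server(pf, DUMMY_CMD, DUMMY_MARKER)
    print("started", pid, "verified:", read_live_pid(pf, DUMMY_MARKER) == pid)
    print("stopped:", stop_server(pf, DUMMY_MARKER), "still alive:", process_exists(pid))
```

The /proc comparison is a best-effort identity check; where procfs is absent the code falls back to an existence test, which is still better than signalling a PID blindly.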
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 02:45 AM