animated-diagram

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: No evidence of malicious behavior, data exfiltration, or credential exposure was found. The skill operates exclusively as a local visual rendering tool for technical diagrams.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection via Mermaid node labels. Ingestion points: The mermaid source text provided as a prop to templates/DiagramBoard.tsx and parsed in templates/parse-mermaid.ts. Boundary markers: No explicit sanitization or delimiters to ignore embedded instructions are present in the parser. Capability inventory: The skill is restricted to UI rendering and lacks network requests, file system access, or subprocess execution capabilities. Sanitization: Node labels are rendered using dangerouslySetInnerHTML in templates/Node.tsx to support line breaks (), which could be leveraged for XSS if the diagram content originates from an untrusted source.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 05:07 AM
Security Audit — agent-trust-hub — animated-diagram