beautiful-mermaid
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
scripts/render.tsfile implements a dynamic loading mechanism via theimport()function within theensurePackageutility, which allows loading modules based on string variables at runtime. - [COMMAND_EXECUTION]: The
ensurePackagefunction inscripts/render.tsuseschild_process.execSyncto run system commands for package installation (such asnpm installorbun add) during the skill's execution. - [EXTERNAL_DOWNLOADS]: The skill is designed to automatically fetch the
beautiful-mermaidpackage from public registries if it is not found on the local system. This process lacks version pinning or integrity verification, posing a risk of executing unverified external code. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it processes user-provided Mermaid code or natural language descriptions to generate diagrams without boundary markers or sanitization. This is significant because the skill also possesses file-writing and command-execution capabilities. Evidence: Ingestion points: Mermaid code/descriptions (SKILL.md, render.ts); Boundary markers: Absent; Capability inventory: Shell command execution (execSync), file system writes (writeFileSync); Sanitization: None identified.
Audit Metadata