beautiful-mermaid

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/render.ts file implements a dynamic loading mechanism via the import() function within the ensurePackage utility, which allows loading modules based on string variables at runtime.
  • [COMMAND_EXECUTION]: The ensurePackage function in scripts/render.ts uses child_process.execSync to run system commands for package installation (such as npm install or bun add) during the skill's execution.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to automatically fetch the beautiful-mermaid package from public registries if it is not found on the local system. This process lacks version pinning or integrity verification, posing a risk of executing unverified external code.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it processes user-provided Mermaid code or natural language descriptions to generate diagrams without boundary markers or sanitization. This is significant because the skill also possesses file-writing and command-execution capabilities. Evidence: Ingestion points: Mermaid code/descriptions (SKILL.md, render.ts); Boundary markers: Absent; Capability inventory: Shell command execution (execSync), file system writes (writeFileSync); Sanitization: None identified.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 02:54 PM
Security Audit — agent-trust-hub — beautiful-mermaid