diagram-generator
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill generates HTML files that fetch the Mermaid.js library from the jsDelivr CDN (https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js). jsDelivr is a well-known and widely used content delivery network.
- [COMMAND_EXECUTION]: The entry script (scripts/main.cjs) uses the Node.js spawn function to execute a local generation script. This is the standard mechanism for the skill to perform its intended processing.
- [PROMPT_INJECTION]: Because the skill processes code to generate diagrams, it exposes a surface for indirect prompt injection: instructions embedded in code comments could influence the diagram generation.
  - Ingestion points: Project codebase searched via pnpm search:code and direct file reads.
  - Boundary markers: Absent; the skill does not explicitly use delimiters to separate source code from diagram generation instructions.
  - Capability inventory: File system write access to the .claude/context/artifacts/diagrams/ directory.
  - Sanitization: No explicit sanitization of input code content is performed before processing into Mermaid syntax.
Audit Metadata