beautiful-mermaid
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the bm command-line utility to render diagrams, which involves running shell commands that process user-supplied Mermaid source code.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the agent or user to install the beautiful-mermaid-cli package via npm or Homebrew, pointing to the author's official repository.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  1. Ingestion points: Mermaid source code provided as strings or files to the CLI.
  2. Boundary markers: Examples utilize single quotes to delimit Mermaid source code in shell commands.
  3. Capability inventory: Execution of the bm CLI and the ability to write output files (SVG, PNG) to the local filesystem.
  4. Sanitization: No explicit sanitization or validation of the Mermaid input is mentioned before it is passed to the shell.
- [SAFE]: No critical vulnerabilities such as credential theft, malicious persistence, or obfuscation were identified. The described actions are consistent with the skill's purpose as a diagram rendering utility.
Audit Metadata