convert-mermaid
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/convert.py` utilizes `subprocess.run()` with a list of arguments to execute the `npx` command. This approach is a secure practice that prevents shell injection vulnerabilities by ensuring that user-provided file paths are treated as arguments rather than executable shell code.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download and execution of the `@mermaid-js/mermaid-cli` package via `npx`. This package is fetched from the official NPM registry, which is an established and well-known service for software distribution.
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it processes user-provided Mermaid diagram files.
  - Ingestion points: The agent is instructed in `references/fallback-tree.md` to read the contents of `.mmd` files for troubleshooting purposes if conversion fails.
  - Boundary markers: There are no explicit delimiters or instructions defined to isolate the diagram source code or to instruct the agent to ignore any embedded natural language instructions.
  - Capability inventory: The agent has access to the `Bash` tool and specialized conversion scripts that can execute system commands and network operations.
  - Sanitization: No validation or sanitization is performed on the input diagram text before it is potentially read into the agent's context.
Audit Metadata