mermaid-jam
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
memiCLI to check integration status, synchronize a documentation corpus, and execute research synthesis tasks. - [EXTERNAL_DOWNLOADS]: Fetches markdown documentation files (
.md,.mdx,.markdown,.mdoc) from remote repositories via thememi mermaid-jam corpus synccommand to build a local analysis corpus. - [REMOTE_CODE_EXECUTION]: Includes instructions for the agent or user to execute
npm installandnpm run buildwithin a local checkout directory to prepare the plugin manifest. - [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external content, creating a surface for indirect prompt injection.
- Ingestion points: Processes user-supplied Mermaid source code, local documentation files (e.g.,
./docs/flow.md), and markdown files synchronized from remote repositories. - Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded within the processed diagram source or markdown files.
- Capability inventory: The skill has access to execute CLI tools (
memi,npm), write files to the.memoire/directory, and access local file paths. - Sanitization: There is no documentation of sanitization or validation routines to filter malicious instructions from the ingested diagram source.
Audit Metadata