mermaid-jam

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the memi CLI to check integration status, synchronize a documentation corpus, and execute research synthesis tasks.
  • [EXTERNAL_DOWNLOADS]: Fetches markdown documentation files (.md, .mdx, .markdown, .mdoc) from remote repositories via the memi mermaid-jam corpus sync command to build a local analysis corpus.
  • [REMOTE_CODE_EXECUTION]: Includes instructions for the agent or user to execute npm install and npm run build within a local checkout directory to prepare the plugin manifest.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external content, creating a surface for indirect prompt injection.
  • Ingestion points: Processes user-supplied Mermaid source code, local documentation files (e.g., ./docs/flow.md), and markdown files synchronized from remote repositories.
  • Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded within the processed diagram source or markdown files.
  • Capability inventory: The skill has access to execute CLI tools (memi, npm), write files to the .memoire/ directory, and access local file paths.
  • Sanitization: There is no documentation of sanitization or validation routines to filter malicious instructions from the ingested diagram source.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 09:48 PM