beautiful-mermaid
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/render.tsscript useschild_process.execSyncto dynamically run package managers likenpmorbunto install thebeautiful-mermaidpackage if it is not found in the environment. - [EXTERNAL_DOWNLOADS]: The skill attempts to download and install the
beautiful-mermaidpackage from the NPM registry during execution if it is missing, as seen in theensurePackagefunction inscripts/render.ts. - [REMOTE_CODE_EXECUTION]: The
scripts/render.tsscript utilizes dynamic imports (await import(name)) to load thebeautiful-mermaidpackage at runtime after potentially installing it via shell commands, which constitutes dynamic loading of remote code. - [DATA_EXFILTRATION]: The skill presents an indirect prompt injection surface. User-supplied Mermaid diagram syntax is rendered into an SVG, which is then embedded without sanitization into an HTML wrapper by
scripts/create-html.ts. This file is subsequently opened by theagent-browsertool, creating a risk where malicious diagram content could execute JavaScript (XSS) in the browser context to access sensitive data. - Ingestion points: Mermaid diagram code provided by the user via the
--codeor--inputarguments toscripts/render.ts. - Boundary markers: No delimiters or warnings are used when the SVG content is interpolated into the HTML template in
scripts/create-html.ts. - Capability inventory: The skill possesses file-write capabilities (
writeFileSync), command execution viaexecSync, and browser automation via theagent-browsertool mentioned inSKILL.md. - Sanitization: The SVG content is read and injected directly into the HTML
<body>inscripts/create-html.tswithout any sanitization or verification of its content.
Audit Metadata