design-doc-mermaid
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts (
extract_mermaid.py,mermaid_to_image.py, andresilient_diagram.py) use thesubprocess.run()function to execute the externalmmdc(Mermaid CLI) utility. The execution is handled securely by passing arguments as a list rather than a single string, and it does not utilize a shell (shell=True), which significantly mitigates the risk of command injection. These executions are essential for the skill's primary purpose of validating and rendering diagrams.- [EXTERNAL_DOWNLOADS]: The skill's documentation (README.mdandSKILL.md) instructs the user to perform a manual global installation of the@mermaid-js/mermaid-clipackage via npm. This is a well-known, widely-used open-source tool required for the skill to perform image conversion and syntax validation.- [PROMPT_INJECTION]: The skill identifies and extracts diagram content from Markdown files located in the workspace to perform validation or conversion. This activity presents a surface for indirect prompt injection (Category 8). - Ingestion points: Workspace Markdown files processed by the
MermaidExtractorclass inscripts/extract_mermaid.py. - Boundary markers: The script detects Mermaid diagrams using standard triple-backtick Markdown fencing with the
mermaidlanguage identifier. - Capability inventory: The skill possesses the ability to execute the
mmdcCLI utility and write processed diagram data back to the local filesystem. - Sanitization: Content is extracted using regex based on Markdown delimiters and passed to the external utility; while the utility handles the parsing, the skill does not perform semantic validation of the Mermaid code prior to execution.
Audit Metadata