design-doc-mermaid

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts (extract_mermaid.py, mermaid_to_image.py, and resilient_diagram.py) use the subprocess.run() function to execute the external mmdc (Mermaid CLI) utility. The execution is handled securely by passing arguments as a list rather than a single string, and it does not utilize a shell (shell=True), which significantly mitigates the risk of command injection. These executions are essential for the skill's primary purpose of validating and rendering diagrams.- [EXTERNAL_DOWNLOADS]: The skill's documentation (README.md and SKILL.md) instructs the user to perform a manual global installation of the @mermaid-js/mermaid-cli package via npm. This is a well-known, widely-used open-source tool required for the skill to perform image conversion and syntax validation.- [PROMPT_INJECTION]: The skill identifies and extracts diagram content from Markdown files located in the workspace to perform validation or conversion. This activity presents a surface for indirect prompt injection (Category 8).
  • Ingestion points: Workspace Markdown files processed by the MermaidExtractor class in scripts/extract_mermaid.py.
  • Boundary markers: The script detects Mermaid diagrams using standard triple-backtick Markdown fencing with the mermaid language identifier.
  • Capability inventory: The skill possesses the ability to execute the mmdc CLI utility and write processed diagram data back to the local filesystem.
  • Sanitization: Content is extracted using regex based on Markdown delimiters and passed to the external utility; while the utility handles the parsing, the skill does not perform semantic validation of the Mermaid code prior to execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 04:46 AM
Security Audit — agent-trust-hub — design-doc-mermaid