notemdpro-mermaid-healer

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The llmHealMermaid workflow implementation described in SKILL.md is susceptible to indirect prompt injection. It extracts mermaid blocks from user-provided content and places them directly into a prompt template for repair without proper sanitization.
      • Ingestion points: User-provided markdown content is parsed to extract mermaid blocks in both SKILL.md (via the described logic) and mermaidProcessor.ts.
      • Boundary markers: The prompt template for the LLM fallback lacks secure delimiters or instructions for the model to ignore instructions embedded within the untrusted diagram text.
      • Capability inventory: The skill possesses the ability to call an LLM (llmCall) and incorporate its output back into the user's workspace, which could be exploited to manipulate the agent's context.
      • Sanitization: There is no evidence of sanitization or escaping of the diagram content before it is interpolated into the repair prompt.
  • [EXTERNAL_DOWNLOADS]: The skill imports the mermaid Node.js package to facilitate diagram parsing and validation. This is a standard and expected dependency for a skill focused on diagram syntax repair.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 02:49 PM