notemdpro-mermaid-summarizer
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's instructions and function call chain are consistent with its described purpose of document summarization and visual mapping. No suspicious external dependencies or obfuscated code were detected.
- [PROMPT_INJECTION]: The skill ingests untrusted text from documents, creating a surface for indirect prompt injection. This is an expected risk factor for summarization tools and is managed through structured prompting.
  - Ingestion points: Document content is read using `read_file` as part of the `summarizeToMermaidCommand` in `main.ts`.
  - Boundary markers: The prompt provided in `promptUtils.ts` uses instructional headers to define the AI's role and rules, which helps separate operational logic from the processed document content.
  - Capability inventory: The skill utilizes `read_file`, `write_file`, and `mkdir_p` to handle document input and diagram storage, which are appropriate for its functionality.
  - Sanitization: The workflow includes automated syntax validation and repair for the generated Mermaid code using `refineMermaidBlocks` and `checkMermaidErrors`.
Audit Metadata