beautiful-mermaid
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/render.tsutilizeschild_process.execSyncto execute shell commands for package management, specificallynpm installorbun add, to fetch dependencies at runtime. - [REMOTE_CODE_EXECUTION]: The skill dynamically installs and loads external code by pulling the
beautiful-mermaidpackage from a public registry during execution if it is not already present. - [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection in
scripts/create-html.ts. The script embeds raw, unsanitized SVG content (derived from user-provided Mermaid code) directly into an HTML template. When this HTML is subsequently processed by theagent-browserskill, any malicious scripts or event handlers within the SVG could be executed in the agent's browser context. - Ingestion points: User input provided via the
--codeor--inputflags inscripts/render.ts, which is then passed toscripts/create-html.tsvia the--svgflag. - Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill has the capability to execute shell commands (
execSync), read/write to the file system, and interact with a web browser through a secondary skill. - Sanitization: No sanitization or validation of the SVG content is performed before it is interpolated into the HTML wrapper.
Audit Metadata