beautiful-mermaid
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/render.ts uses child_process.execSync to execute npm install or bun add commands for the beautiful-mermaid package. While the package name is hardcoded, the use of shell execution for dependency management is a practice that requires oversight.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to check for updates from a remote GitHub repository (github.com/abpai/skills) and downloads the beautiful-mermaid package from public registries during its first execution. These resources are associated with the skill's author.
- [PROMPT_INJECTION]: The scripts/create-html.ts script creates an HTML wrapper by directly interpolating the content of an SVG file into a template. This HTML is subsequently opened in a browser environment via the agent-browser tool, creating a surface for indirect prompt injection where a maliciously crafted Mermaid diagram could attempt to execute scripts in the agent's browser context.
- Ingestion points: User-provided or agent-generated Mermaid code converted to SVG.
- Boundary markers: None identified for the SVG content interpolation in the HTML wrapper.
- Capability inventory: Uses agent-browser to render HTML, providing a full browser execution environment.
- Sanitization: No sanitization or filtering is performed on the SVG content before it is embedded into the HTML wrapper.
Audit Metadata