Skills
skills/ahgraber/skills/mermaid/Gen Agent Trust Hub

mermaid

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): Both scripts/render_mermaid.py and scripts/validate_mermaid.py can trigger the download of a Chromium binary from Google's servers if the --install-chromium flag is used. This process involves the runtime acquisition and execution of a large external binary blob.
  • COMMAND_EXECUTION (MEDIUM): The scripts utilize subprocess.run to call the mmdc (Mermaid CLI) tool. While diagrams are passed via temporary files, executing external system binaries on data derived from user input is a security-sensitive operation.
  • DATA_EXFILTRATION (LOW): The scripts allow the agent to read arbitrary local files via the --input parameter. While intended for processing Mermaid source files, this capability could be used to read sensitive local data if the agent's behavior is influenced by a malicious prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:16 PM