moai-mermaid-diagram-expert

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM [EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation includes commands that download and execute an external package (@alfred/mermaid-expert) from the NPM registry using npx. This package is not from a known trusted organization or vendor associated with the skill.
  • [REMOTE_CODE_EXECUTION]: The skill provides a custom React component (MermaidDiagram.tsx) that initializes the Mermaid library with securityLevel: 'loose'. This configuration allows the execution of JavaScript within diagrams (e.g., through node click events). When combined with the skill's ability to generate diagrams from untrusted source data (like package.json or API definitions), this creates a risk of Cross-Site Scripting (XSS).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the codebase to generate diagrams without sanitization.
      • Ingestion points: Files like package.json, API specification files, and database models (SKILL.md).
      • Boundary markers: Absent. Data is directly interpolated into Mermaid code blocks.
      • Capability inventory: The skill allows the agent to use Read, Bash, WebSearch, and WebFetch tools (SKILL.md).
      • Sanitization: No validation or escaping is applied to extracted metadata before it is included in the generated diagram syntax.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 01:07 AM