mermaid-diagrams
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill consists entirely of markdown documentation files (.md) and syntax references. No scripts (Shell, Python, JavaScript), binaries, or dangerous configuration files were detected.
- Indirect Prompt Injection (SAFE): While the skill is designed to ingest and visualize user-provided descriptions of systems and processes, it lacks any execution capabilities or tool access that could be exploited. The evidence chain shows: (1) Ingestion points: User system descriptions; (2) Boundary markers: Standard markdown code blocks; (3) Capability inventory: No scripts or system calls detected; (4) Sanitization: Not applicable as no code is executed.
- EXTERNAL_DOWNLOADS (SAFE): The documentation contains links to official and trusted resources such as mermaid.js.org and github.com/mermaid-js, but the skill does not automate any downloads or installations.
Audit Metadata