mermaid

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes user-provided requirements through the $ARGUMENTS variable to generate diagrams.
      ◦ Ingestion points: SKILL.md interpolates user input directly into the prompt context.
      ◦ Boundary markers: Absent; there are no delimiters or 'ignore' instructions wrapping the $ARGUMENTS interpolation.
      ◦ Capability inventory: The skill uses Read, Write, and Edit tools for file manipulation. No executable scripts or subprocess calls are provided within the skill package.
      ◦ Sanitization: Absent; the skill does not specify any filtering or validation of the input content.
  • [Documentation and References] (SAFE): The skill includes a large set of autogenerated documentation files for various Mermaid diagram types. These files contain example code and configuration snippets (e.g., securityLevel: 'loose') intended as a syntax reference for the agent. The HTML/JavaScript snippets and CDN links found in these files are examples for web developers and do not constitute remote code execution or unverifiable dependencies for the agent itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 08:24 PM