diagram-to-image

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The run.py script allows users to specify an arbitrary output file path. This parameter is passed directly to the mmdc CLI tool, which could be exploited to overwrite sensitive local files if the agent is provided with a malicious output path.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of @mermaid-js/mermaid-cli via npm. This is a well-known and trusted package.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it processes untrusted Mermaid source code without sanitization.
  • Ingestion points: Untrusted Mermaid source code is ingested through the code parameter in run.py.
  • Boundary markers: Absent; the input is written directly to a temporary file without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill can execute external commands via subprocess.run and write files to the local filesystem in run.py.
  • Sanitization: Absent; the script does not validate the contents of the Mermaid code or the destination of the output file path.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 05:48 PM