mindmap
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the official npm registry to install necessary dependencies like mind-elixir and puppeteer during the setup phase.
- [COMMAND_EXECUTION]: The workflow involves executing a Node.js script to render diagrams and the open command to show the resulting file to the user.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  1. Ingestion points: User-provided plaintext mind map content via command line or stdin.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill can write files and execute Node.js/Puppeteer commands.
  4. Sanitization: The input is processed with JSON.stringify before being embedded in an HTML rendering template. However, this does not prevent script breakout if the input contains a closing script tag, which could allow arbitrary script execution within the transient Puppeteer browser context.
Audit Metadata