diagram
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection because it processes untrusted markdown files. Ingestion points: content is read from user-provided file paths, as described in the SKILL.md workflow. Boundary markers: there are no delimiters around the ingested content, and no instruction to the agent to disregard instructions embedded within the Mermaid diagrams. Capability inventory: the skill can execute shell commands via mmdc and write changes back to the local file system. Sanitization: no sanitization is performed on the extracted content, so a malicious Mermaid diagram can influence agent behavior during the 'fix' workflow.
- COMMAND_EXECUTION (HIGH): The skill executes the mmdc CLI tool using shell interpolation of user-provided paths (e.g., /diagram validate path/to/file.md). A maliciously crafted filename could allow an attacker to execute arbitrary commands on the host system if the agent does not properly escape the path.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to install @mermaid-js/mermaid-cli from npm. As this package is not from a designated trusted source in the analyzer's framework, it introduces a supply-chain risk if the package or its dependencies are compromised.
Recommendations
- AI detected serious security threats
Audit Metadata