mermaid-diagrams
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation recommends the installation of the '@mermaid-js/mermaid-cli' npm package and the use of the 'minlag/mermaid-cli' Docker image. Neither source belongs to the defined list of trusted organizations.
- [COMMAND_EXECUTION] (MEDIUM): SKILL.md provides an export command 'docker run --rm -v $(pwd):/data minlag/mermaid-cli' which mounts the host's current working directory to an untrusted container. If run by an agent, this allows the container potential access to sensitive local files.
- [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection)
  1. Ingestion points: 'diagram' and 'visualize' triggers in SKILL.md.
  2. Boundary markers: Absent; there are no instructions to ignore embedded user directives.
  3. Capability inventory: Generation of Mermaid syntax, which supports the 'link' and 'click' keywords for external URLs.
  4. Sanitization: Absent; the skill does not suggest filtering or escaping user input, allowing a malicious user to force the agent to generate diagrams containing phishing links.
Audit Metadata