mermaid-diagrams
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No override or bypass patterns were detected. The instructions are focused on guiding the agent to correctly format Mermaid diagrams and do not attempt to manipulate the agent's core safety or behavioral constraints.
- [DATA_EXFILTRATION] (SAFE): There are no commands or logic for accessing sensitive file paths or making unauthorized network requests. References to external sites (e.g., mermaid.js.org, mermaid.live) are for documentation and public editing tools.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not include any scripts (.py, .js, .sh) or remote download commands. Mentions of CLI installation via npm or Docker are provided as documentation for the end-user's local environment, not as tasks for the agent to execute.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown files. It lacks a functional code execution surface, which significantly minimizes its attack profile.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill processes user-provided descriptions of systems to generate diagrams (an ingestion surface), it lacks any 'write' or 'execute' capabilities that could be abused via malicious data input. The output is limited to text-based diagram syntax.
Audit Metadata